subject:"\[IPsec\] Invalid transform type in an SA payload \- which error\?"

Re: [IPsec] Invalid transform type in an SA payload - which error?

2010-05-27 Thread Scott C Moonen

--| |> | Subject: | |> >----------------------| |[IPsec] Invalid

[IPsec] Invalid transform type in an SA payload - which error?

2010-05-27 Thread Dan McDonald

While going over some error cases, we wondered if some miscreant sends us a transform of type PRF in a CHILD_SA or AUTH exchange where the SA payload is clearly intended for a Child SA (e.g. ESP or AH)? Would INVALID_SYNTAX or NO_PROPOSAL_CHOSEN work better here? Thanks, Dan _