Re: [IPsec] Invalid transform type in an SA payload - which error?
--| |> | Subject: | |> >----------------------| |[IPsec] Invalid
[IPsec] Invalid transform type in an SA payload - which error?
While going over some error cases, we wondered if some miscreant sends us a transform of type PRF in a CHILD_SA or AUTH exchange where the SA payload is clearly intended for a Child SA (e.g. ESP or AH)? Would INVALID_SYNTAX or NO_PROPOSAL_CHOSEN work better here? Thanks, Dan _