Folks, one of the big stumbling blocks in being done with the core mechanism spec is handling of errors.
To remind you, the current error token format is as follows:

The acceptor may always end the exchange by generating an error subtoken. The error subtoken has the following format:

+--------+----------------------------------------------------------+
| Pos    | Description                                              |
+--------+----------------------------------------------------------+
| 0..3   | 0x80 00 00 01                                            |
|        |                                                          |
| 4..7   | length of error token                                    |
|        |                                                          |
| 8..11  | major status from RFC 2744 as 32-bit network byte order  |
|        |                                                          |
| 12..15 | GSS EAP error code as 32-bit network byte order; see     |
|        | Section 8.4                                              |
+--------+----------------------------------------------------------+

Initiators MUST ignore octets beyond the GSS EAP error code for future extensibility. As indicated, the error token is always marked critical.

Here are the error codes we can currently send back. I'd appreciate comments on whether these are reasonable and on whether we need more.

    error_code GSSEAP_WRONG_SIZE, "Buffer is incorrect size"
    error_code GSSEAP_WRONG_MECH, "Mechanism OID is incorrect"
    error_code GSSEAP_BAD_TOK_HEADER, "Token header is malformed or corrupt"
    error_code GSSEAP_TOK_TRUNC, "Token is missing data"
    error_code GSSEAP_BAD_DIRECTION, "Packet was replayed in wrong direction"
    error_code GSSEAP_WRONG_TOK_ID, "Received token ID does not match expected token ID"
    error_code GSSEAP_CRIT_ITOK_UNAVAILABLE, "Critical inner token type unavailable"
    error_code GSSEAP_MISSING_REQUIRED_ITOK, "Missing required inner token"
    error_code GSSEAP_DUPLICATE_ITOK, "Duplicate inner token received"
    error_code GSSEAP_WRONG_ITOK, "Recieved invalid inner token for current state"
    error_code GSSEAP_KEY_UNAVAILABLE, "EAP key unavailable"
    error_code GSSEAP_KEY_TOO_SHORT, "EAP key too short"
    error_code GSSEAP_RADIUS_AUTH_FAILURE, "Authentication rejected by RADIUS server"
    error_code GSSEAP_UNKNOWN_RADIUS_CODE, "Received unknown response code from RADIUS server"
    error_code GSSEAP_MISSING_EAP_REQUEST, "RADIUS response is missing EAP request"
    error_code GSSEAP_RADIUS_PROT_FAILURE, "Generic RADIUS failure"

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
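An initiator-side parse of the error subtoken layout quoted in the message above, as an added example that is not code from the post, the draft or any implementation. It assumes the length field counts the octets after the 8-octet header; `parse_error_subtoken`, the `PARSE_*` codes and the sample bytes (including the 0x2A error code) are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ERR_SUBTOKEN_TYPE 0x80000001u /* octets 0..3: critical bit set, type 1 */
#define ERR_HEADER_LEN 8u             /* type + length */
#define ERR_BODY_MIN 8u               /* major status + GSS EAP error code */

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_NOT_ERROR = -2, PARSE_BAD_LENGTH = -3 };

struct eap_error { uint32_t major; uint32_t code; };

/* Read a 32-bit value in network byte order without alignment assumptions. */
static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Assumption: the length field counts the octets after the 8-octet header. */
int parse_error_subtoken(const uint8_t *buf, size_t len, struct eap_error *out)
{
    if (buf == NULL || out == NULL || len < ERR_HEADER_LEN)
        return PARSE_TRUNCATED;
    if (load_be32(buf) != ERR_SUBTOKEN_TYPE)
        return PARSE_NOT_ERROR;
    uint32_t body = load_be32(buf + 4);
    if (body < ERR_BODY_MIN)
        return PARSE_BAD_LENGTH;          /* cannot hold both status words */
    if (body > len - ERR_HEADER_LEN)
        return PARSE_TRUNCATED;           /* claims more than was received */
    out->major = load_be32(buf + 8);
    out->code = load_be32(buf + 12);
    return PARSE_OK;                      /* octets past 15 are ignored */
}

/* Constructed sample: major 0x00090000 (GSS_S_DEFECTIVE_TOKEN), placeholder
 * error code 0x2A, plus two extension octets an initiator must skip. */
static const uint8_t sample[] = {
    0x80, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x0A,
    0x00, 0x09, 0x00, 0x00,  0x00, 0x00, 0x00, 0x2A,  0xDE, 0xAD };

int main(void)
{
    struct eap_error e = {0, 0};
    int rc = parse_error_subtoken(sample, sizeof sample, &e);
    printf("rc=%d major=0x%08x code=0x%08x\n", rc, (unsigned)e.major, (unsigned)e.code);
    return rc == PARSE_OK ? 0 : 1;
}
```

The length check is written as `body > len - ERR_HEADER_LEN` rather than `ERR_HEADER_LEN + body > len` so that a peer-supplied length near 2^32 cannot wrap the comparison.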
