Re: ICMP and unknown extension headers?

[Matt Crawford]

> On second thought, an implementation obviously shouldn't be sending a
> decryption of a packet inside of an ICMP error message, so this case
> is moot.

Not at all.  Either you send the ICMP error back down the same SA as
the offending packet or, if the selectors don't permit that, you
negotiate a new SA to send the error.

This has been thought of before, although 2401 could be a lot clearer.

                                Matt
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------