Re: [IPsec] Invalid transform type in an SA payload - which error?

Thu, 27 May 2010 10:30:27 -0700 

Dan, I think you need to consider the proposal a mismatch against your
policy and move to the next proposal.  If you find an agreeable one, good.
If not, NO_PROPOSAL_CHOSEN.


Scott Moonen ([email protected])
z/OS Communications Server TCP/IP Development
http://www.linkedin.com/in/smoonen


|------------>
| From:      |
|------------>
  
>--------------------------------------------------------------------------------------------------------------------------------------------------|
  |Dan McDonald <[email protected]>                                       
                                                                     |
  
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| To:        |
|------------>
  
>--------------------------------------------------------------------------------------------------------------------------------------------------|
  |[email protected]                                                               
                                                                     |
  
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Date:      |
|------------>
  
>--------------------------------------------------------------------------------------------------------------------------------------------------|
  |05/27/2010 01:17 PM                                                          
                                                                     |
  
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Subject:   |
|------------>
  
>--------------------------------------------------------------------------------------------------------------------------------------------------|
  |[IPsec] Invalid transform type in an SA payload - which error?               
                                                                     |
  
>--------------------------------------------------------------------------------------------------------------------------------------------------|





While going over some error cases, we wondered if some miscreant sends us a
transform of type PRF in a CHILD_SA or AUTH exchange where the SA payload
is
clearly intended for a Child SA (e.g. ESP or AH)?

Would INVALID_SYNTAX or NO_PROPOSAL_CHOSEN work better here?

Thanks,
Dan
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec

<<inline: graycol.gif>>

<<inline: ecblank.gif>>

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to