
Re: Agenda stuff



Tamir Zegman writes:
> There is also the issue of Notification data which is not defined
> anywhere. I think this field should be used in order to convey more
> detailed information on the reason of failure. If I recall we had
> this discussion in the Raleigh Bakeoff but it was not resolved.

I think that is also an important issue.

> Some proposed to put in the proposal that failed the negotiation; we
> proposed to put in an ASCII string. I think the first option is not
> generic enough since it can be used only with regard to failing in
> selecting an appropriate proposal. Comments?

I would like to see that the notification data is always a list of
attributes. This way we can easily add stuff later when we want to add
more things. Currently the RESPONDER-LIFETIME already uses that. In
that case we could have new attribute type numbers like:

	Failing SA proposal				256
	Error message text (default: UTF-8, english)	257
	...

And then I can include a list of two attributes in the notification,
one containing the failing SA proposal, and the second one including
the error message text, saying something like "Phase I proposal
rejected because the policy required 3DES encryption, and no proposal
matching that was found".
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
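As an added illustration (not part of the original message or any SSH code), the following encodes and parses notification data as the list of ISAKMP data attributes proposed above, using the RFC 2408 attribute format (AF bit selects the two-byte TV form or the TLV form). The attribute numbers 256 and 257 are the ones suggested in the message, not assigned values, and the sample proposal bytes are constructed; the parser rejects a length that overruns the data instead of reading past it.

```python
import struct

# Attribute type numbers as proposed in the message above (not assigned).
ATTR_FAILING_SA_PROPOSAL = 256
ATTR_ERROR_MESSAGE_TEXT = 257

AF_BIT = 0x8000  # Attribute Format bit: 1 = two-byte value (TV), 0 = TLV


def encode_attribute(attr_type, value):
    """Encode one ISAKMP data attribute (RFC 2408 section 3.3 format).
    A bytes value becomes a TLV; a small int uses the two-byte TV form."""
    if isinstance(value, int):
        if not 0 <= value <= 0xFFFF:
            raise ValueError("TV value must fit in 16 bits")
        return struct.pack("!HH", attr_type | AF_BIT, value)
    if len(value) > 0xFFFF:
        raise ValueError("TLV value too long")
    return struct.pack("!HH", attr_type & 0x7FFF, len(value)) + value


def encode_notification_data(attributes):
    """Notification data = concatenation of attributes, in order."""
    return b"".join(encode_attribute(t, v) for t, v in attributes)


def decode_notification_data(data):
    """Parse the attribute list back into (type, value) pairs. A truncated
    header or a length that overruns the buffer raises instead of reading
    out of bounds, which is what a receiver must check before trusting it."""
    attrs, off = [], 0
    while off < len(data):
        if off + 4 > len(data):
            raise ValueError("truncated attribute header at offset %d" % off)
        raw_type, second = struct.unpack_from("!HH", data, off)
        off += 4
        attr_type = raw_type & 0x7FFF
        if raw_type & AF_BIT:          # TV form: 'second' is the value
            attrs.append((attr_type, second))
            continue
        if off + second > len(data):   # TLV form: 'second' is the length
            raise ValueError("attribute %d length %d overruns data" % (attr_type, second))
        attrs.append((attr_type, data[off:off + second]))
        off += second
    return attrs


if __name__ == "__main__":
    proposal = b"\x00\x00\x00\x08\x01\x00\x00\x00"  # constructed stand-in bytes
    text = "Phase I proposal rejected: policy required 3DES".encode("utf-8")
    blob = encode_notification_data([(ATTR_FAILING_SA_PROPOSAL, proposal),
                                     (ATTR_ERROR_MESSAGE_TEXT, text)])
    print(decode_notification_data(blob))
```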

