RE: ipsec error codes
Replies inline...
> ----------
> From: Scott G. Kelly[SMTP:skelly@redcreek.com]
> Sent: Thursday, April 08, 1999 2:12 PM
> To: ipsec@lists.tislabs.com
> Subject: ipsec error codes
>
[stuff deleted]
> As a first cut, I'd say our requirements are these:
>
> 1) a standard message format, as opposed to simply numeric codes;
> this format would include the items listed below.
>
> o numeric codes which encode the following:
> - standard event codes; note that event codes are
> different than reply codes sometimes.
> - priority (perhaps like syslog)
> - originating element (e.g. isakmp, SPD, SAD, esp, ah, etc)
>
> o relative timestamp
>
> o standardized text portion containing variable fields which are
> filled in during message construction, e.g. ip address,
> spi, etc.
>
> I'd like some input on this before attempting to write up something more
> substantial. Are there additional requirements? Are the ones specified
> here correct?
>
I would add a statement to the effect that: "Any event code or message sent
to indicate failure to create an SA MUST NOT reveal information that would
otherwise only be known to the initiator *after* the successful creation of
an SA."
-- Craig Biggerstaff
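
An added illustration, not part of the original thread and not taken from any IPsec implementation: a sketch of the message format listed above (numeric event code, syslog-like priority, originating element, relative timestamp, text with variable fields) that also enforces the proposed rule for SA-failure messages. The event codes, origin numbers, field names and the set of withheld fields are all assumptions made for the example.

```python
import string
import time
from enum import IntEnum

class Origin(IntEnum):          # elements named in the post; the numbers are constructed
    ISAKMP = 1
    SPD = 2
    SAD = 3
    ESP = 4
    AH = 5

# Hypothetical event codes, and the subset reporting failure to create an SA.
EV_SA_ESTABLISHED = 10
EV_SA_CREATE_FAILED = 20
SA_FAILURE_EVENTS = {EV_SA_CREATE_FAILED}

# Assumption: fields the initiator would learn only once the SA exists.
POST_SA_FIELDS = {"responder_spi", "responder_id", "selected_transform"}

_START = time.monotonic()       # reference point for the relative timestamp

def template_fields(template):
    """Return the set of variable field names used by a text template."""
    return {name for _, name, _, _ in string.Formatter().parse(template) if name}

def build_message(event, priority, origin, template, values):
    """Build one message: numeric codes, relative timestamp, filled-in text."""
    if not 0 <= priority <= 7:  # syslog-like severity range
        raise ValueError("priority must be 0..7")
    used = template_fields(template)
    missing = used - set(values)
    if missing:
        raise ValueError(f"unfilled fields: {sorted(missing)}")
    # The proposed rule: an SA-failure message must not carry post-SA knowledge.
    leaked = used & POST_SA_FIELDS
    if event in SA_FAILURE_EVENTS and leaked:
        raise ValueError(f"SA-failure message would reveal: {sorted(leaked)}")
    return {
        "event": event,
        "priority": priority,
        "origin": int(Origin(origin)),
        "rel_time": round(time.monotonic() - _START, 3),
        # Only fields named in the template reach the text; extras are dropped.
        "text": template.format(**{k: values[k] for k in used}),
    }
```

Checking the template rather than the supplied values means a caller can pass its whole negotiation context and only the fields the standardized text names are ever emitted.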