
RE: ipsec error codes



Replies inline...

> ----------
> From: 	Scott G. Kelly[SMTP:skelly@redcreek.com]
> Sent: 	Thursday, April 08, 1999 2:12 PM
> To: 	ipsec@lists.tislabs.com
> Subject: 	ipsec error codes
> 
[stuff deleted]

> As a first cut, I'd say our requirements are these:
> 
>    1) a standard message format, as opposed to simply numeric codes;
>       this format would include the items listed below.
> 
>         o numeric codes which encode the following:
>             - standard event codes; note that event codes are 
>               different than reply codes sometimes.
>             - priority (perhaps like syslog)
>             - originating element (e.g. isakmp, SPD, SAD, esp, ah, etc)
> 
>         o relative timestamp
> 
>         o standardized text portion containing variable fields which are
>           filled in during message construction, e.g. ip address,
>           spi, etc.
> 
> I'd like some input on this before attempting to write up something more
> substantial. Are there additional requirements? Are the ones specified
> here correct?
> 
I would add a statement to the effect that:  "Any event code or message sent
to indicate failure to create an SA MUST NOT reveal information that would
otherwise only be known to the initiator *after* the successful creation of
an SA."


-- Craig Biggerstaff
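
Editor's added example, not part of the thread or of any IPsec specification: a sketch of the proposed message format (numeric code, relative timestamp, templated text) with the MUST NOT rule applied to the copy of a failure message that goes to the peer. The bit layout, event names, field names and the `PRE_SA_FIELDS` allowlist are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical 16-bit code: 3-bit priority (syslog-like), 5-bit origin, 8-bit event.
ORIGINS = {"isakmp": 1, "spd": 2, "sad": 3, "esp": 4, "ah": 5}
EVENTS = {"SA_ESTABLISHED": 1, "SA_SETUP_FAILED": 2}
TEMPLATES = {
    "SA_ESTABLISHED": "SA established with {peer_ip}, spi={spi}",
    "SA_SETUP_FAILED": "SA setup with {peer_ip} failed: {reason}, policy={policy}",
}
FAILURE_EVENTS = {"SA_SETUP_FAILED"}
# Assumption: the only variable field an initiator already knows before an SA exists.
PRE_SA_FIELDS = {"peer_ip"}
WITHHELD = "<withheld>"


@dataclass
class Event:
    priority: int    # 0 (emergency) .. 7 (debug), as in syslog
    origin: str      # originating element, key of ORIGINS
    event: str       # key of EVENTS
    rel_time: float  # seconds since the element started (relative timestamp)
    fields: dict     # values for the template's variable fields


def encode_code(priority: int, origin: str, event: str) -> int:
    """Pack priority, originating element and event into one numeric code."""
    return ((priority & 0x7) << 13) | ((ORIGINS[origin] & 0x1F) << 8) | EVENTS[event]


def render(ev: Event, for_peer: bool) -> str:
    """Build the message; peer-visible failure messages keep only pre-SA fields."""
    fields = dict(ev.fields)
    if for_peer and ev.event in FAILURE_EVENTS:
        fields = {k: (v if k in PRE_SA_FIELDS else WITHHELD)
                  for k, v in fields.items()}
    text = TEMPLATES[ev.event].format(**fields)
    return f"{encode_code(ev.priority, ev.origin, ev.event):#06x} +{ev.rel_time:.3f}s {text}"


# Constructed sample event (addresses from the documentation range).
failed = Event(3, "isakmp", "SA_SETUP_FAILED", 12.5,
               {"peer_ip": "192.0.2.10", "reason": "no proposal matched",
                "policy": "esp-3des-sha1-only"})

if __name__ == "__main__":
    print(render(failed, for_peer=False))  # full detail for the local log
    print(render(failed, for_peer=True))   # what the initiator is allowed to see
```

The local log line keeps every field for the operator; only the peer-facing rendering is filtered, so diagnostics are not lost by applying the rule.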



