[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: ipsec error codes

To: Craig.Biggerstaff@csoconline.com
Subject: RE: ipsec error codes
From: Paul Koning <pkoning@xedia.com>
Date: Mon, 12 Apr 1999 12:45:10 -0400
Cc: ipsec@lists.tislabs.com, skelly@redcreek.com
References: <F38588EB3695D2119B4500902727A3451738A7@csoc-mail-box.csoconline.com>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Biggerstaff," == Biggerstaff, Craig <Craig.Biggerstaff@csoconline.com> writes:

 Biggerstaff,> I would add a statement to the effect that: "Any event
 Biggerstaff,> code or message sent to indicate failure to create an
 Biggerstaff,> SA MUST NOT reveal information that would otherwise
 Biggerstaff,> only be known to the initiator *after* the successful
 Biggerstaff,> creation of an SA."

That sounds sensible, but applied strictly it means canceling the
product, because ANY message sent reveals some information.
Minimally, it reveals that the other end is doing IPSEC and might be
willing to talk if presented with suitable stimuli.

	paul

References:

RE: ipsec error codes

From: "Biggerstaff, Craig" <Craig.Biggerstaff@csoconline.com>

Prev by Date: New mailing list for the May interop event
Next by Date: Mismatching PFS
Prev by thread: RE: ipsec error codes
Next by thread: RE: ipsec error codes
Index(es):
- Main
- Thread