
Re: draft-ietf-ipsec-notifymsg-00.txt



Hi Tamir,

Tamir Zegman wrote:

<trimmed... comments below>

> I have one remark on the Notify message drafts.
> I believe that there should be room left in the notify payload for a textual message
> describing the problem.
> Such an error string alongside the pre-defined notify types has the advantages of
> refining the meaning of the notify message type and it could be used for auditing or for
> displaying a message whenever a user is involved.
> 
> So, my proposal is that the notify data field should be structured like a list of data
> attribute pairs (attribute type + attribute value),
> one pair would contain the data that you have proposed in your draft, and another
> (optional) pair would contain a string.
> Actually, I believe that a similar proposal was raised at the NC bakeoff a while back.
> 

I agree that some accompanying text would be useful, but I wonder if the
field in which the text resides should be fixed, rather than freeform.
My initial feeling is that use of A/V pairs raises some concern for
buffer overflow attacks. Does anyone else have thoughts on this?

Scott
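
An added illustration, not part of the original message or of the draft: a receiver-side parser for attribute/value pairs in notify data that checks every declared length against the bytes actually received and clamps the text to a fixed buffer, which is the overflow concern raised above. It assumes the pairs use the ISAKMP data attribute encoding of RFC 2408 section 3.3; `ATTR_TEXT`, `TEXT_MAX`, `parse_notify_attrs` and the sample bytes are hypothetical or constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_TEXT 2   /* hypothetical attribute type for the text string */
#define TEXT_MAX  64  /* fixed receiver-side cap, whatever length the peer sends */
/* Walk ISAKMP-style data attributes: a 1-bit AF flag plus 15-bit type, then
 * 16 bits holding the value itself (AF=1) or the length of the value that
 * follows (AF=0). Copies the text attribute into out[TEXT_MAX + 1], truncated
 * and with non-printable bytes replaced. Returns the characters copied
 * (0 if absent) or -1 on malformed input, in which case out is emptied. */
int parse_notify_attrs(const uint8_t *buf, size_t len, char *out)
{
    size_t off = 0;
    int copied = 0;
    out[0] = '\0';
    while (off < len) {
        if (len - off < 4) { out[0] = '\0'; return -1; }   /* truncated header */
        uint16_t type = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        uint16_t lv   = (uint16_t)((buf[off + 2] << 8) | buf[off + 3]);
        off += 4;
        if (type & 0x8000) continue;            /* AF=1: value was in the header */
        if (lv > len - off) { out[0] = '\0'; return -1; }  /* length past payload */
        if (type == ATTR_TEXT) {
            size_t n = lv > TEXT_MAX ? TEXT_MAX : lv;      /* clamp to our buffer */
            for (size_t i = 0; i < n; i++) {
                uint8_t c = buf[off + i];
                out[i] = (c >= 0x20 && c < 0x7f) ? (char)c : '?';
            }
            out[n] = '\0';
            copied = (int)n;
        }
        off += lv;
    }
    return copied;
}

/* Constructed samples: fixed-value attribute + text "hello"; bogus 0xFFFF length. */
static const uint8_t sample_ok[]  = {0x80,0x01,0x00,0x10, 0x00,0x02,0x00,0x05, 'h','e','l','l','o'};
static const uint8_t sample_bad[] = {0x00,0x02,0xFF,0xFF, 'A','B'};

int main(void)
{
    char out[TEXT_MAX + 1];
    int n = parse_notify_attrs(sample_ok, sizeof sample_ok, out);
    printf("ok:  %d \"%s\"\n", n, out);
    printf("bad: %d\n", parse_notify_attrs(sample_bad, sizeof sample_bad, out));
    return 0;
}
```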

