
Re: I-D ACTION:draft-ietf-ipsec-notifymsg-00.txt



Sorry to take so long to reply. Comments interspersed.

"Mason, David" wrote:
> 
> For ISAKMP header field error messages (flags, version,
> exchange, cookies, message id) it might be easier to
> implement and perhaps more beneficial for other reasons
> if the entire offending header was supplied rather than
> just the offending field.

I guess this makes sense. If nobody else objects to this, I can make
this change.

> >2.1 INVALID-PAYLOAD-TYPE
> >     o  Notification Data - contains the subject payload
> 
> Perhaps with this message and in others, when
> supplying an offending payload the NextHeader field in
> the subject payload should be set to the type of the
> payload in question.

I could go either way on this, except that leaving it alone might
provide the originator with some context clue. 

> >2.13 ATTRIBUTES-NOT-SUPPORTED
> 
> The transform id in addition to the protocol id should probably
> be supplied.  Or better yet supply the SA payload with an
> offset indicator to the offending attribute.

I agree that the transform ID would be useful, but originally figured
the entire SA payload might be overkill in terms of both useful
information and bandwidth. If you include the entire payload, you would
also need some indication of which attributes were problematic. However,
if nobody objects to this, we could make this change.

> >2.14 NO-PROPOSAL-CHOSEN
> 
> Optionally supply a proposal(s) that might be considered
> acceptable in the notification data.

This is a slippery slope - I think this would open an implementation to
probing, and that's probably not a GoodThing.

> >2.15 BAD-PROPOSAL-SYNTAX
> 
> Should probably contain an offset indicator to the offending
> byte within the proposal.

> >2.16 PAYLOAD-MALFORMED
> 
> Also should have an offset indicator and there could be
> other messages that might benefit from an offset
> indicator as well.

I can see where offsets would be useful for diagnostics. If nobody
objects, these could be added.

Thanks for reviewing the draft.

Scott
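
An added illustration, not part of the original message or the draft: a receiver-side decoder for a Notification payload whose Notification Data carries the entire offending ISAKMP header, as proposed in the first comment above. The payload and header layouts and the notify type numbers are those of RFC 2408; treating the data as exactly one 28-byte header is an assumption, and `build_sample` produces a constructed message.

```python
import struct

# Header-field notify types (RFC 2408, section 3.14.1)
HEADER_ERRORS = {
    4: "INVALID-COOKIE", 5: "INVALID-MAJOR-VERSION", 6: "INVALID-MINOR-VERSION",
    7: "INVALID-EXCHANGE-TYPE", 8: "INVALID-FLAGS", 9: "INVALID-MESSAGE-ID",
}
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # cookies, next, version, exch, flags, msg id, len
NOTIFY_FIXED = struct.Struct("!BBHIBBH")   # next, reserved, length, DOI, proto, SPI size, type


def parse_header(data):
    """Decode notification data assumed to be a whole ISAKMP header."""
    if len(data) != ISAKMP_HDR.size:
        raise ValueError("notification data is not a full ISAKMP header")
    icookie, rcookie, nxt, ver, exch, flags, msgid, length = ISAKMP_HDR.unpack(data)
    return {"initiator_cookie": icookie.hex(), "responder_cookie": rcookie.hex(),
            "next_payload": nxt, "major": ver >> 4, "minor": ver & 0x0F,
            "exchange_type": exch, "flags": flags, "message_id": msgid,
            "length": length}


def parse_notify(payload):
    """Parse one Notification payload, rejecting inconsistent lengths."""
    if len(payload) < NOTIFY_FIXED.size:
        raise ValueError("truncated notification payload")
    _nxt, _res, plen, doi, proto, spi_size, ntype = NOTIFY_FIXED.unpack_from(payload)
    spi_end = NOTIFY_FIXED.size + spi_size
    if plen != len(payload) or spi_end > plen:
        raise ValueError("payload length fields are inconsistent")
    result = {"type": ntype, "doi": doi, "protocol_id": proto,
              "spi": payload[NOTIFY_FIXED.size:spi_end]}
    data = payload[spi_end:]
    if ntype in HEADER_ERRORS:
        result["name"] = HEADER_ERRORS[ntype]
        result["offending_header"] = parse_header(data)
    else:
        result["data"] = data  # other types: left undecoded here
    return result


def build_sample():
    """Constructed sample: INVALID-EXCHANGE-TYPE echoing a header with type 99."""
    hdr = ISAKMP_HDR.pack(bytes(range(8)), bytes(8), 1, 0x10, 99, 0, 0, 28)
    return NOTIFY_FIXED.pack(0, 0, NOTIFY_FIXED.size + len(hdr), 1, 1, 0, 7) + hdr


if __name__ == "__main__":
    print(parse_notify(build_sample()))
```
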

