Re: Comments on CRACK

>Section 3.2 IKE Challenge/Response Authentication Failures, the notification
>does not include a space for a user-readable message (in fact the length of
>the notification is fixed). On the other hand, the only place to give a
>specific error code, the status field, is specifically set as private.
>
>As an example of a good protocol, look at ftp (or http) which has a numeric
>error code designed for machine consumption, and an additional text to be
>read by humans.
>

For what it's worth, I think that IKE has already passed the point where it
can be debugged by humans. Certainly a string cannot hurt, but one would have
to parse through so many other potential problems, that I fail to see this
addition as being a big plus. 

That said, the PPP world has long suffered from the problem in Windows
where strings from protocols are NOT displayed to users. I suppose this
MAY change sometime in the future, but if the client is running Windows,
that string will hit /dev/null.

PatC