
Re: draft-ietf-ipsec-son-of-ike-protocol-reqts-00.txt



At 10:51 PM -0700 12/22/01, Shane Amante wrote:
>I am suggesting that, in whatever protocol is chosen as the successor
>to IKEv1, it needs to have granular status and error codes -- the more
>granular the better.

Note that JFK has taken the opposite approach: almost no "error 
messages", and those that it has are concise and let the other side 
know exactly what the other side should do to get around the error.

This is an important consideration for the eventual successor 
protocol. IKEv1 has many under-defined error messages. In many cases, 
it is not at all clear what the side receiving an error message 
should do with the error. The -00 draft of IKEv2 has given more 
definition to some of the error messages, but there are still lots of 
messages that are of no value other than to log them in the debugging 
interface. The -00 draft of JFK has no error messages, but simply has 
two responses that are used to say "you should try again, and here 
are some reasonable values to try with if you feel like it". Either 
of the two protocols could be changed to use a different type of error 
reporting, depending on what the WG wants.

--Paul Hoffman, Director
--VPN Consortium

