Re: draft-ietf-ipsec-son-of-ike-protocol-reqts-00.txt
At 10:51 PM -0700 12/22/01, Shane Amante wrote:
>I am suggesting that, in whatever protocol is chosen as the successor
>to IKEv1, it needs to have granular status and error codes -- the more
>granular the better.
Note that JFK has taken the opposite approach: almost no "error
messages", and those that it has are concise and let the other side
know exactly what the other side should do to get around the error.
This is an important consideration for the eventual successor
protocol. IKEv1 has many under-defined error messages. In many cases,
it is not at all clear what the side receiving an error message
should do with the error. The -00 draft of IKEv2 has given more
definition to some of the error messages, but there are still lots of
messages that are of no value other than to log them in the debugging
interface. The -00 draft of JFK has no error messages, but simply has
two responses that are used to say "you should try again, and here
are some reasonable values to try with if you feel like it". Either
of the two protocols could be changed to use a different type of error
reporting, depending on what the WG wants.
--Paul Hoffman, Director
--VPN Consortium