>>>>> "Tero" == Tero Kivinen <kivi...@iki.fi> writes:

    >> The INVALID_SYNTAX notify in response to missing payload in
    >> IKE_AUTH should be sent encrypted using DH keys or unencrypted?

    Tero> As it is clear that the other end is not following the
    Tero> specification, i.e. there is a bug on the other end, there is
    Tero> no need to think that much what you should do in that
    Tero> case. That situation never happens in the normal case, so use the
    Tero> easiest way out.

I agree with the general principle.

However, a log entry would be good, as there will be people with broken
implementations (i.e. "bugs") out there trying to determine what is going
on, and they won't always be sitting at a table next to you.

-- 
]     There was a chicken jammed in the muffler!!!!!!!!!         |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON     |net architect[
] m...@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [