> Huh? How exactly would returning a "security index not supported" > error instead of just ignoring the packet result in a=20 > downgrade attack? I believe it is similar to the CIFS Downgrade Attack scenerio (Google for it if you are not familiar with this classic vulnerability).