Errata Search
RFC Number:		Errata ID:
Source of RFC		Status:	All/Any Verified+Reported Verified Reported Held for Document Update Rejected
Area Acronym:	All/Any app art gen int ops rai rtg sec tsv wit	Type:	All/Any Editorial Technical
WG Acronym:		Submitter Name:
Other:	All/Any IAB INDEPENDENT IRTF Legacy Editorial	Date Submitted:
Summary Table Full Records

RFC 4543, "The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH", May 2006

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
See Also: RFC 4543 w/ inline errata

---

Errata ID: 1821
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Pasi Eronen
Date Reported: 2009-07-30
Verifier Name: Pasi Eronen
Date Verified: 2009-10-08

Section 9 says:

(nothing)

It should say:

The following text should have been included in Section 9:

For the negotiation of AES-GMAC in AH with IKEv1, the following
values have been assigned in the IPsec AH Transform Identifiers
registry (in isakmp-registry). Note that IKEv1 and IKEv2 use
different transform identifiers.

   "11" for AH_AES-128-GMAC

   "12" for AH_AES-192-GMAC

   "13" for AH_AES-256-GMAC

In addition, the following values have been assigned in the
Authentication Algorithms registry (in isakmp-registry):

   "11" for AES-128-GMAC

   "12" for AES-192-GMAC

   "13" for AES-256-GMAC

For the negotiation of AES-GMAC in ESP with IKEv1, the following
value has been assigned from the IPsec ESP Transform Identifiers
registry (in isakmp-registry). Note that IKEv1 and IKEv2 use a
different transform identifier.

   "23" for ESP_NULL_AUTH_AES-GMAC

Notes:

Found by Soo-Fei Chew (ipsec@ietf.org list, 2009-04-09);
approved by IESG in 2009-06-04 telechat.

Report New Errata