RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 4543, "The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH", May 2006

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
See Also: RFC 4543 w/ inline errata

Errata ID: 3643
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Michael Bowler
Date Reported: 2013-06-06
Verifier Name: Sean Turner
Date Verified: 2013-08-14

Section 4 says:

   In AUTH_AES_GMAC, the AH Authentication Data field consists of the IV
   and the Authentication Tag, as shown in Figure 5.  Unlike the usual
   AH case, the Authentication Data field contains both an input to the
   authentication algorithm (the IV) and the output of the
   authentication algorithm (the tag).  No padding is required in the
   Authentication Data field, because its length is a multiple of 64
   bits.

It should say:

   In AUTH_AES_GMAC, the AH Authentication Data field consists of the IV
   and the Authentication Tag, as shown in Figure 5.  Unlike the usual
   AH case, the Authentication Data field contains both an input to the
   authentication algorithm (the IV) and the output of the
   authentication algorithm (the tag).  In IPv6, padding of 4 octets is
   required to bring the AH header to a multiple of 64-bits.  No padding
   is required for IPv4.

Notes:

The original text fails to consider the rest of the AH header which is 12 octets plus the authentication data field.

Report New Errata



Advanced Search