errata logo graphic

RFC4543, "The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH", May 2006

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 1821

Status: Verified
Type: Technical

Reported By: Pasi Eronen
Date Reported: 2009-07-30
Verifier Name: Pasi Eronen
Date Verified: 2009-10-08

Section 9 says:

(nothing)

It should say:

The following text should have been included in Section 9:

For the negotiation of AES-GMAC in AH with IKEv1, the following
values have been assigned in the IPsec AH Transform Identifiers
registry (in isakmp-registry). Note that IKEv1 and IKEv2 use
different transform identifiers.

   "11" for AH_AES-128-GMAC

   "12" for AH_AES-192-GMAC

   "13" for AH_AES-256-GMAC

In addition, the following values have been assigned in the
Authentication Algorithms registry (in isakmp-registry):

   "11" for AES-128-GMAC

   "12" for AES-192-GMAC

   "13" for AES-256-GMAC

For the negotiation of AES-GMAC in ESP with IKEv1, the following
value has been assigned from the IPsec ESP Transform Identifiers
registry (in isakmp-registry). Note that IKEv1 and IKEv2 use a
different transform identifier.

   "23" for ESP_NULL_AUTH_AES-GMAC

Notes:

Found by Soo-Fei Chew (ipsec@ietf.org list, 2009-04-09);
approved by IESG in 2009-06-04 telechat.


Report New Errata