Found 2 records.

Status: Verified (2)

RFC4966, "Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status", July 2007

Source of RFC: v6ops (ops)

Errata ID: 1306

Status: Verified
Type: Technical

Reported By: Brian Carpenter
Date Reported: 2008-01-29
Verifier Name: Ron Bonica
Date Verified: 2009-10-06

Throughout the document, when it says:

[RFC3498] 

It should say:

[RFC3948]

Notes:

All citations of [RFC3498] are intended to be [RFC3948]


Errata ID: 3142

Status: Verified
Type: Technical

Reported By: David L. Black
Date Reported: 2012-02-29
Verifier Name: Ron Bonica
Date Verified: 2012-03-06

Section 2.1 says:

Unless UDP encapsulation is used for IPsec [RFC3498], traffic using
IPsec AH (Authentication Header), in transport and tunnel mode, and
IPsec ESP (Encapsulating Security Payload), in transport mode, is
unable to be carried through NAT-PT without terminating the security
associations on the NAT-PT, due to their usage of cryptographic
integrity protection.

It should say:

IPsec traffic using AH (Authentication Header) [RFC4302] in both
transport and tunnel modes cannot be carried through NAT-PT without
terminating the security associations on the NAT-PT, due to the
inclusion of IP header fields in the scope of AH's cryptographic
integrity protection [RFC3715].  In addition, IPsec traffic using
ESP (Encapsulating Security Payload) [RFC4303] in transport mode
generally uses UDP encapsulation [RFC3948] for NAT traversal
(including NAT-PT traversal) in order to avoid the problems
described in [RFC3715].

Notes:

This RFC4966 text was copied into draft-ietf-behave-64-analysis-06.
Gen-ART review of that draft found that the statement was incorrect
for ESP. The correct explanations of the problems (in great detail)
can be found in RFC 3715.

