RFC5116, "An Interface and Algorithms for Authenticated Encryption", January 2008

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 4008

Status: Reported
Type: Technical

Reported By: Tapio Sokura
Date Reported: 2014-06-08

Section 2.2 says:

The
authenticated decrypt operation will, with high probability, return
FAIL whenever the inputs N, P, and A were crafted by a nonce-
respecting adversary that does not know the secret key (assuming that
the AEAD algorithm is secure).

It should say:

The
authenticated decrypt operation will, with high probability, return
FAIL whenever the inputs N, C, and A were crafted by a nonce-
respecting adversary that does not know the secret key (assuming that
the AEAD algorithm is secure).

Notes:

Inputs to the authenticated decrypt operation do not include plaintext P, but instead includes ciphertext C.