errata logo graphic

Found 2 records.

Status: Verified (1)

RFC5386, "Better-Than-Nothing Security: An Unauthenticated Mode of IPsec", November 2008

Source of RFC: btns (sec)

Errata ID: 1608

Status: Verified
Type: Technical

Reported By: Alfred Hoenes
Date Reported: 2008-11-18
Verifier Name: Tim Polk
Date Verified: 2008-11-19

Section 2, pg. 3 says:

   o  Any peer that uses an IKEv2 AUTH method involving a digital
      signature (made with a private key to a public key cryptosystem)
      may match a BTNS PAD entry, provided that it matches no non-BTNS
      PAD entries.  Suitable AUTH methods as of August 2007 are: RSA
|     Digital Signature (method #1) and DSS Digital Signature (method
      #3); see [RFC4306], Section 3.8.

It should say:

   o  Any peer that uses an IKEv2 AUTH method involving a digital
      signature (made with a private key to a public key cryptosystem)
      may match a BTNS PAD entry, provided that it matches no non-BTNS
      PAD entries.  Suitable AUTH methods as of August 2007 are: RSA
|     Digital Signature (method #1) and DSA Digital Signature (method
      #3); see [RFC4306], Section 3.8.

Notes:

Rationale:

When referring to an authentication method, i.e. an algorithm,
the acronym used should designate the algorithm.

There is a particular distinction in the NIST FIPS documents:
a trailing 'S' designtes a Standard, and a trailing 'A' designates
an Algorithm.
In particular, the DSS (Digital Signature Standard, FIPS 186-2/3)
describes three different algorithms:
- the NIST's Digital Signature Algorithm (DSA),
- the Elliptic Curve Digital Signature Algorithm (ECDSA), and
- the RSA signature algorithm.

Hence, to avoid any potential confusion, "DSA" should be used to
designate the particular algorithm listed as the first item above.


Status: Held for Document Update (1)

RFC5386, "Better-Than-Nothing Security: An Unauthenticated Mode of IPsec", November 2008

Source of RFC: btns (sec)

Errata ID: 1609

Status: Held for Document Update
Type: Editorial

Reported By: Alfred Hoenes
Date Reported: 2008-11-18
Held for Document Update by: Sean Turner

Section 3.1, pg.6 says:

<< immediately below Figure 2 >>

|  Note that [SG-A]'s PAD entry has one and only one wildcard PAD entry:
   the BTNS catch-all PAD entry as the last entry, as described in
   Section 2.

It should say:

|  Note that [SG-A]'s PAD has one and only one wildcard PAD entry:
   the BTNS catch-all PAD entry as the last entry, as described in
   Section 2.

Notes:

Rationale:

Designating the PAD (Peer Authentication Database) an an "entry"
is misleading, and particularly confusing when in the same line
a table row in that database is also designated as an "entry".


Report New Errata