errata logo graphic

Found 3 records.

Status: Verified (2)

RFC5996, "Internet Key Exchange Protocol Version 2 (IKEv2)", September 2010

Source of RFC: ipsecme (sec)

Errata ID: 2707

Status: Verified
Type: Technical

Reported By: Yaron Sheffer
Date Reported: 2011-02-06
Verifier Name: Sean Turner
Date Verified: 2011-03-26

Section 3.6 says:

[...] and also MUST be capable of being configured to send and accept the Hash and URL format (with HTTP URLs)

It should say:

[...] and also MUST be capable of being configured to send and accept the two Hash and URL formats (with HTTP URLs)

Notes:

This change from the original RFC 4306 text was made late in the process, responding to the Gen-Art reviewer comment. Factually, the document (earlier in the same section) defines two Hash and URL formats, making this sentence a clear inconsistency. The erratum is flagged as Technical because the text is normative.


Errata ID: 3036

Status: Verified
Type: Technical

Reported By: Valery Smyslov
Date Reported: 2011-11-26
Verifier Name: Sean Turner
Date Verified: 2011-11-27

Section 3.10 says:

      [...] Of the notifications defined in this document, the SPI is
      included only with INVALID_SELECTORS and REKEY_SA.


It should say:

      [...] Of the notifications defined in this document, the SPI is
      included only with INVALID_SELECTORS, REKEY_SA and CHILD_SA_NOT_FOUND.

Notes:

Original text was carried over from RFC4306 and contradicts with the text in section 2.25, which clearly says that SPI field in CHILD_SA_NOT_FOUND notification is populated. Notification CHILD_SA_NOT_FOUND was not defined in RFC4306, and the whole section 2.25 is new to RFC5996.


Status: Reported (1)

RFC5996, "Internet Key Exchange Protocol Version 2 (IKEv2)", September 2010

Source of RFC: ipsecme (sec)

Errata ID: 3718

Status: Reported
Type: Technical

Reported By: Gerald Smith
Date Reported: 2013-09-04

Section 3.15.3 says:

A client can be assigned an IPv6 address using the
INTERNAL_IP6_ADDRESS Configuration payload. A minimal exchange might
look like this:

CP(CFG_REQUEST) =
INTERNAL_IP6_ADDRESS()
INTERNAL_IP6_DNS()
TSi = (0, 0-65535, :: - FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)
TSr = (0, 0-65535, :: - FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)

CP(CFG_REPLY) =
INTERNAL_IP6_ADDRESS(2001:DB8:0:1:2:3:4:5/64)
INTERNAL_IP6_DNS(2001:DB8:99:88:77:66:55:44)
TSi = (0, 0-65535, 2001:DB8:0:1:2:3:4:5 - 2001:DB8:0:1:2:3:4:5)
TSr = (0, 0-65535, :: - FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)

It should say:

CP(CFG_REPLY) =
INTERNAL_IP6_ADDRESS(2001:DB8:0:1:2:3:4:5/64)
INTERNAL_IP6_DNS(2001:DB8:99:88:77:66:55:44)
TSi = (0, 0-65535, 2001:DB8:0:1:2:3:4:5 - 2001:DB8:0:1:2:3:4:5)
TSr = (0, 0-65535, 2001:DB8:0:1:: - 2001:DB8:0:1:FFFF:FFFF:FFFF:FFFF)

Notes:

The INTERNAL_IP6_ADDRESS returned in the CFG_REPLY is a 64 bit subnet, but the TSr returned in the CFG_REPLY shows a 0 bit subnet instead of the 64 bit subnet.


Report New Errata