RFC Errata



Found 3 records.

Status: Reported (2)

RFC 7296, "Internet Key Exchange Protocol Version 2 (IKEv2)", October 2014

Source of RFC: ipsecme (sec)

Errata ID: 5056

Status: Reported
Type: Technical

Reported By: Michael Taylor
Date Reported: 2017-06-29

Section 1.7 says:

   This document removes discussion of the INTERNAL_ADDRESS_EXPIRY
   configuration attribute because its implementation was very
   problematic.  Implementations that conform to this document MUST
   ignore proposals that have configuration attribute type 5, the old
   value for INTERNAL_ADDRESS_EXPIRY 

It should say:

Unclear what it should be

Notes:

Configuration attribute 5, INTERNAL_ADDRESS_EXPIRY, is a type of attribute in a configuration payload. It is not an attribute in a proposal. As documented in Section 2.7, proposals are part of an SA payload.

An SA payload consists of one or more proposals. Each proposal
includes one protocol. Each protocol contains one or more transforms
-- each specifying a cryptographic algorithm. Each transform
contains zero or more attributes (attributes are needed only if the
Transform ID does not completely specify the cryptographic
algorithm).

So the correct behavior when one receives a *configuration* payload with INTERNAL_ADDRESS_EXPIRY cannot be to ignore a proposal. Was the intent to say that the configuration payload should be ignored? Was the intent to say that the configuration payload should be processed but the INTERNAL_ADDRESS_EXPIRY attribute ignored? Clearly these choices would result in radically different outcomes for the negotiation.

Errata ID: 4930

Status: Reported
Type: Editorial

Reported By: Nikolai Malykh
Date Reported: 2017-02-08

Section 3.16 says:

   Note that since IKE passes an indication of initiator identity in the
   first message in the IKE_AUTH exchange, the responder SHOULD NOT send
   EAP Identity requests.  The initiator MAY, however, respond to such
   requests if it receives them.

Notes:

The last sentence of this section unnecessarily repeats what is written above (the last sentence in the description of the Type field).

Status: Held for Document Update (1)

RFC 7296, "Internet Key Exchange Protocol Version 2 (IKEv2)", October 2014

Source of RFC: ipsecme (sec)

Errata ID: 4387

Status: Held for Document Update
Type: Editorial

Reported By: Yoav Nir
Date Reported: 2015-06-04
Held for Document Update by: Stephen Farrell
Date Held: 2015-06-04

Section 3.7 says:

   The Certificate Request payload, denoted CERTREQ in this document,
   provides a means to request preferred certificates via IKE and can
   appear in the IKE_INIT_SA response and/or the IKE_AUTH request.
   Certificate Request payloads MAY be included in an exchange when the
   sender needs to get the certificate of the receiver.

It should say:

   The Certificate Request payload, denoted CERTREQ in this document,
   provides a means to request preferred certificates via IKE and can
   appear in the IKE_SA_INIT response and/or the IKE_AUTH request.
   Certificate Request payloads MAY be included in an exchange when the
   sender needs to get the certificate of the receiver.

Notes:

IKE_SA_INIT is mis-spelled as IKE_INIT_SA this one time.
