RFC Errata
RFC 5106, "The Extensible Authentication Protocol-Internet Key Exchange Protocol version 2 (EAP-IKEv2) Method", February 2008
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
See Also: RFC 5106 w/ inline errata
Errata ID: 1338
Status: Verified
Type: Editorial
Publication Format(s): TEXT
Reported By: Alfred Hoenes
Date Reported: 2008-03-03
Verifier Name: Sean Turner
Date Verified: 2010-07-30
Section 7, pg. 14/15 says:
Only after receiving message 6, the server SHOULD respond with an
<< page break >>
authentication failure notification, i.e., a message conforming to
| message 6 in Figure 10. The purpose of this behaviour is to prevent
an adversary from probing the EAP-IKEv2 peer identifier space.
It should say:
Only after receiving message 6, the server SHOULD respond with an
authentication failure notification, i.e., a message conforming to
| message 7 in Figure 10. The purpose of this behaviour is to prevent
an adversary from probing the EAP-IKEv2 peer identifier space.
Notes:
Rationale: See Figure 10 in Appendix A (on page 30).
Note: The RFC contains Figures 1..6, 10, and 11, but no Figures 7..9!