RFC Errata
RFC 4543, "The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH", May 2006
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
See Also: RFC 4543 w/ inline errata
Errata ID: 1821
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Pasi Eronen
Date Reported: 2009-07-30
Verifier Name: Pasi Eronen
Date Verified: 2009-10-08
Section 9 says:
(nothing)
It should say:
The following text should have been included in Section 9: For the negotiation of AES-GMAC in AH with IKEv1, the following values have been assigned in the IPsec AH Transform Identifiers registry (in isakmp-registry). Note that IKEv1 and IKEv2 use different transform identifiers. "11" for AH_AES-128-GMAC "12" for AH_AES-192-GMAC "13" for AH_AES-256-GMAC In addition, the following values have been assigned in the Authentication Algorithms registry (in isakmp-registry): "11" for AES-128-GMAC "12" for AES-192-GMAC "13" for AES-256-GMAC For the negotiation of AES-GMAC in ESP with IKEv1, the following value has been assigned from the IPsec ESP Transform Identifiers registry (in isakmp-registry). Note that IKEv1 and IKEv2 use a different transform identifier. "23" for ESP_NULL_AUTH_AES-GMAC
Notes:
Found by Soo-Fei Chew (ipsec@ietf.org list, 2009-04-09);
approved by IESG in 2009-06-04 telechat.