RFC 3967, "Clarifying when Standards Track Documents may Refer Normatively to Documents at a Lower Level", December 2004Source of RFC: IETF - NON WORKING GROUP
Area Assignment: gen
Errata ID: 201
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2005-01-00
Rejected by: Russ Housley
Normative references to HMAC in future IETF Standards Track documents should always refer to FIPS-198 instead of RFC 2104.
reading the fresh RFC 3967 (== BCP 97), I found that this memo uses examples which are well known, but not very appropriate, for the desired purpose: (1) HMAC [RFC2104] This algorithm - since almost three years - is a US Federal Information Processing Standard! ( FIPS PUB 198, issued '2002 March 6' ; to download a PDF copy (updated '2002 April 8'), see <http://crc.nist.gov/publications/fips/index.html> ) This is an active standard published by a recognized standards body. Therefore, *Normative References* to HMAC in future IETF Standards Track documents should always refer to FIPS-198 instead of RFC 2104 !
It should say:
FIPS-198 in turn refers to RFC 2104 as a readily available
source document for the algorithm, but gives a detailed,
independent description of the algorithm and its application.
Expect alternative MAC algorithms like UMAC, TTMAC, EMAC,
and RMAC to get formally standardized soon by various Standards
Bodies. For example, the former three Algorithms are already
(since Feb. 2003) recommended for new applications to be used in
the public administration and economy within the European Union.
This has been the result of the NESSIE project - an open contest
similar to the AES contest of NIST's), see
2021-10-06: moved from Held for Document Update to Rejected per request from Murray Kucherawy. This erratum was reviewed while working on a bis document.