RFC Errata
RFC 4301, "Security Architecture for the Internet Protocol", December 2005
Note: This RFC has been updated by RFC 6040, RFC 7619
Source of RFC: ipsec (sec)
Errata ID: 2181
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Constantin Hagemeier
Date Reported: 2010-04-28
Held for Document Update by: Tim Polk
Section 4.4.3.1. says:
The Key ID field is defined as an OCTET string in IKE. For this name type, only exact-match syntax MUST be supported (since there is no explicit structure for this ID type). Additional matching functions MAY be supported for this ID type.
It should say:
The Key ID field is defined as an OCTET string in IKE. For this name type, exact-match syntax MUST be supported (since there is no explicit structure for this ID type). Additional matching functions MAY be supported for this ID type.
Notes:
'only A must be supported' is ambigous.
Does it mean 'A must be supportet and anything else must not be supportet', or does it mean 'A must be supportet and anything else may be supportet'. The next sentence clearifies that it is the second interpretation.