RFC 4302, "IP Authentication Header", December 2005Source of RFC: ipsec (sec)
Errata ID: 2188
Publication Format(s) : TEXT
Reported By: Constantin Hagemeier
Date Reported: 2010-04-28
Rejected by: Sean Turner
Date Rejected: 2010-07-30
Section 220.127.116.11.2. says:
If padding bytes are needed but the algorithm does not specify the padding contents, then the padding octets MUST have a value of zero.
It should say:
The padding bytes MUST be zero. The algorithm MUST NOT specify anything else.
This is forced two times in this RFC4302, namely before in this
section 18.104.22.168.2 and in 3.4.4 .
Section 3.4.4 deals with verification of the ICV, whereas section 3.3.3 deal with generation of an ICV. Thus discussion of padding is needed in both contexts and is not redundant. The text should remain as it is.