RFC Errata


Errata Search
 
Source of RFC  
Summary Table Full Records

RFC 7296, "Internet Key Exchange Protocol Version 2 (IKEv2)", October 2014

Note: This RFC has been updated by RFC 7427, RFC 7670, RFC 8247, RFC 8983, RFC 9370

Source of RFC: ipsecme (sec)

Errata ID: 5056
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Michael Taylor
Date Reported: 2017-06-29
Held for Document Update by: Paul Wouters
Date Held: 2022-04-11

Section 1.7 says: 

   This document removes discussion of the INTERNAL_ADDRESS_EXPIRY
   configuration attribute because its implementation was very
   problematic.  Implementations that conform to this document MUST
   ignore proposals that have configuration attribute type 5, the old
   value for INTERNAL_ADDRESS_EXPIRY

It should say:

Unclear what it should be

Notes:

Configuration attribute 5, INTERNAL_ADDRESS_EXPIRY, is a type of attribute in a configuration payload. It is not an attribute in a proposal. As documented in Section 2.7 proposals are part of an SA payload.

An SA payload consists of one or more proposals. Each proposal
includes one protocol. Each protocol contains one or more transforms
-- each specifying a cryptographic algorithm. Each transform
contains zero or more attributes (attributes are needed only if the
Transform ID does not completely specify the cryptographic
algorithm).

So the correct behavior when one receives a *configuration* payload with INTERNAL_ADDRESS_EXPIRY cannot be to ignore a proposal. Was the intent to say that the configuration payload should be ignored? Was the intent to say that the configuration payload should be processed but the INTERNAL_ADDRESS_EXPIRY attribute ignored? Clearly these choices would result in radically different outcomes for the negotiation.

Paul Wouters:

This comment is about the use of the word "proposal" which I agree is open to wrong interpretation. My suggestion would be:

Current:

Implementations that conform to this document MUST
ignore proposals that have configuration attribute type 5, the old
value for INTERNAL_ADDRESS_EXPIRY

Proposed:

Implementations that conform to this document MUST
process configuration attribute value 5 similar to
any other unknown Attribute Type.

It is mostly obvious that only the attribute type should be ignored, not the entire proposal. Therefor Held for Document update as it does not affect implementations but the wording should be improved in future versions of the document

Report New Errata



Advanced Search