RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 5282, "Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol", August 2008

Area Assignment: sec

Errata ID: 5109

Status: Reported
Type: Technical

Reported By: Andrew Cagney
Date Reported: 2017-09-08

Section 8. says:

8.  IKEv2 Algorithm Selection

   This section applies to the use of any authenticated encryption
   algorithm with the IKEv2 Encrypted Payload and is unique to that

   IKEv2 (Section 3.3.3 of [RFC4306]) specifies that both an encryption
   algorithm and an integrity checking algorithm are required for an IKE
   SA (Security Association).  This document updates [RFC4306] to
   require that when an authenticated encryption algorithm is selected
   as the encryption algorithm for any SA (IKE or ESP), an integrity
   algorithm MUST NOT be selected for that SA.  This document further
   updates [RFC4306] to require that if all of the encryption algorithms
   in any proposal are authenticated encryption algorithms, then the
   proposal MUST NOT propose any integrity transforms.

It should say:

8.  IKEv2 Algorithm Selection

IKEv2 [rfc7296], section 3.3. Security Association Payload, specifies
AEAD algorithm selection.


RFC-7296 and RFC-5282 contradict each other (yet RFC-7296 cites RFC-5282 without any

- RFC-7296 explicitly disallows mixing AEAD and non-AEAD algorithms in a single
proposal; RFC-5282 does not (and strongly implies it is allowed)

- RFC-7296 allows 'none' integrity in an AEAD-only proposal; RFC-5282 does not

Report New Errata