RFC 4301, "Security Architecture for the Internet Protocol", December 2005

Source of RFC: ipsec (sec)

Errata ID: 6635
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Isaac Lewis
Date Reported: 2021-07-09
Rejected by: Benjamin Kaduk
Date Rejected: 2021-07-21

Section 3.2 says:

Note that ESP can be used to provide only integrity, without
confidentiality, making it comparable to AH in most contexts.

It should say:

Note that ESP can be used to provide both integrity and


The original sentence contradicts the following one in the same section:

o The Encapsulating Security Payload (ESP) protocol [Ken05a] offers
the same set of services, and also offers confidentiality.

The original text is conveying the intended sentiment, namely that, despite primarily being a mechanism to provide both confidentiality and integrity protection, ESP can also be configured in a mode that only provides integrity protection and not confidentiality protection. Such a mode is essentially directly analogous to what AH provides, and thus this statement supports the downgrading of AH support to only a MAY-level requirement.
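As an added illustration, not part of the errata record or of the RFC text, the following Python builds and verifies an ESP packet in the integrity-only mode the rejection refers to: NULL encryption with an HMAC-SHA-256-128 integrity check value laid out per RFC 4303 (SPI, sequence number, payload, padding, pad length, next header, ICV). The key, SPI, sequence number and payload are constructed sample values; the block shows that the payload travels in the clear (no confidentiality) while any modification of the authenticated span is caught by the ICV, which is the service AH provides. The one difference the code does not model is that AH's ICV also covers the immutable fields of the outer IP header, which is why the RFC says "in most contexts" rather than "always".

```python
"""ESP with NULL encryption ("ESP-NULL"): integrity without confidentiality.

RFC 4303 layout of the packet built here:
    SPI(4) | Seq(4) | payload | padding | pad_len(1) | next_hdr(1) | ICV(16)
Everything from SPI through next_hdr is covered by the ICV; the ICV itself is
HMAC-SHA-256 truncated to 128 bits (RFC 4868). All key/SPI/payload values
below are constructed sample data, not from any real SA.
"""
import hashlib
import hmac
import struct

ICV_LEN = 16        # HMAC-SHA-256-128: 256-bit MAC truncated to 128 bits
ESP_HDR_LEN = 8     # SPI + sequence number
ESP_TRAILER_LEN = 2 # pad length + next header
# Constructed sample key; a real SA derives this from IKE.
SAMPLE_KEY = bytes(range(32))


def esp_null_encapsulate(key: bytes, spi: int, seq: int, payload: bytes,
                         next_header: int = 4, align: int = 4) -> bytes:
    """Wrap payload in an ESP packet with NULL encryption and an HMAC ICV."""
    # RFC 4303: payload + padding + 2-byte trailer must be 4-byte aligned.
    pad_len = (-(len(payload) + ESP_TRAILER_LEN)) % align
    padding = bytes(range(1, pad_len + 1))  # default monotonic padding bytes
    authenticated = (struct.pack("!II", spi, seq) + payload + padding
                     + bytes([pad_len, next_header]))
    # With NULL encryption the "ciphertext" is the plaintext; only the ICV
    # adds protection, so the payload is visible on the wire.
    icv = hmac.new(key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    return authenticated + icv


def icv_valid(key: bytes, packet: bytes) -> bool:
    """Recompute the ICV over SPI..next_hdr and compare in constant time."""
    if len(packet) < ESP_HDR_LEN + ESP_TRAILER_LEN + ICV_LEN:
        return False
    authenticated, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    return hmac.compare_digest(icv, expected)


def esp_null_decapsulate(key: bytes, packet: bytes):
    """Verify the ICV, then strip header, padding and trailer.

    Returns (spi, seq, next_header, payload); raises ValueError on a bad ICV
    or an inconsistent pad length. Integrity is checked before any field is
    interpreted, matching the receiver processing order in RFC 4303.
    """
    if not icv_valid(key, packet):
        raise ValueError("ICV mismatch: packet modified or wrong key")
    authenticated = packet[:-ICV_LEN]
    spi, seq = struct.unpack("!II", authenticated[:ESP_HDR_LEN])
    pad_len, next_header = authenticated[-2], authenticated[-1]
    body = authenticated[ESP_HDR_LEN:-ESP_TRAILER_LEN]
    if pad_len > len(body):
        raise ValueError("pad length exceeds payload")
    payload = body[:len(body) - pad_len]
    return spi, seq, next_header, payload


def demo() -> dict:
    """Show the two properties of ESP-NULL: payload in clear, tampering caught."""
    payload = b"hello"  # constructed inner datagram stand-in
    packet = esp_null_encapsulate(SAMPLE_KEY, spi=0x1000, seq=1, payload=payload)
    # Flip one payload byte: integrity-only ESP must reject this.
    tampered = bytearray(packet)
    tampered[ESP_HDR_LEN] ^= 0x01
    return {
        "payload_visible": payload in packet,          # no confidentiality
        "aligned": (len(packet) - ICV_LEN) % 4 == 0,     # RFC 4303 alignment
        "original_valid": icv_valid(SAMPLE_KEY, packet),
        "tampered_valid": icv_valid(SAMPLE_KEY, bytes(tampered)),
        "decoded": esp_null_decapsulate(SAMPLE_KEY, packet),
    }


if __name__ == "__main__":
    print(demo())
```

The ICV comparison uses hmac.compare_digest so that a receiver does not leak, through timing, how many leading bytes of a forged ICV were correct; the pad-length check runs only after the ICV has been accepted, so an unauthenticated packet never steers parsing.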

