RFC Errata
RFC 7296, "Internet Key Exchange Protocol Version 2 (IKEv2)", October 2014
Note: This RFC has been updated by RFC 7427, RFC 7670, RFC 8247, RFC 8983, RFC 9370
Source of RFC: ipsecme (sec)See Also: RFC 7296 w/ inline errata
Errata ID: 6940
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: warren.wang
Date Reported: 2022-04-21
Verifier Name: Paul Wouters
Date Verified: 2023-07-28
Section .10 says:
o SPI Size (1 octet) - Length in octets of the SPI as defined by the IPsec protocol ID or zero if no SPI is applicable. For a notification concerning the IKE SA, the SPI Size MUST be zero and the field must be empty.
It should say:
o SPI Size (1 octet) - Length in octets of the SPI as defined by the IPsec protocol ID or zero if no SPI is applicable. For a notification concerning the IKE SA, the SPI Size MUST be zero and the SPI field must be empty.
Notes:
the field must be empty -> the SPI field must be empty
additional question: so for a notification concerning the IKE SA, the Protocol ID field still shall be zero?
Yes, for IKE SA notifications the SPI can be seen from the header, thus there is no point of repeating the SPIs in notify payload. The Protocol ID field of the notification payload indicates which type of SPI is inside the notification payload, thus if there is no SPI in there, then there is no point of having Protocol ID either.