RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 2402, "IP Authentication Header", November 1998

Note: This RFC has been obsoleted by RFC 4302, RFC 4305

Source of RFC: ipsec (sec)
See Also: RFC 2402 w/ inline errata

Errata ID: 6953
Status: Verified
Type: Editorial
Publication Format(s) : TEXT

Reported By: J Foster
Date Reported: 2022-05-03
Date Verified: 2023-08-02

Section 2. (6) says:

2.6  Authentication Data

   This is a variable-length field that contains the Integrity Check
   Value (ICV) for this packet.  The field must be an integral multiple
   of 32 bits in length.  The details of the ICV computation are
   described in Section 3.3.2 below.  This field may include explicit
   padding.  This padding is included to ensure that the length of the
   AH header is an integral multiple of 32 bits (IPv4) or 64 bits
   (IPv6).  All implementations MUST support such padding.  Details of
   how to compute the required padding length are provided below.  The
   authentication algorithm specification MUST specify the length of the
   ICV and the comparison rules and processing steps for validation.

It should say:

2.6  Authentication Data

   This is a variable-length field that contains the Integrity Check
   Value (ICV) for this packet.  The field must be an integral multiple
   of 32 bits in length.  The details of the ICV computation are
   described in Section 3.3.3 below.  This field may include explicit
   padding.  This padding is included to ensure that the length of the
   AH header is an integral multiple of 32 bits (IPv4) or 64 bits
   (IPv6).  All implementations MUST support such padding.  Details of
   how to compute the required padding length are provided below.  The
   authentication algorithm specification MUST specify the length of the
   ICV and the comparison rules and processing steps for validation.

Notes:

The section referenced for ICV computation is currently 3.3.2 (Sequence Number Generation). I believe this to be an error, and that 3.3.3 (Integrity Check Value Calculation) was the intended reference.

Report New Errata



Advanced Search