RFC Errata
RFC 4025, "A Method for Storing IPsec Keying Material in DNS", March 2005
Source of RFC: ipseckey (sec)
See Also: RFC 4025 w/ inline errata
Errata ID: 7402
Status: Verified
Type: Technical
Publication Format(s): TEXT
Reported By: Tobias Brunner
Date Reported: 2023-03-23
Date Verified: 2023-08-02
Section 2.1 says:
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  precedence   | gateway type  |  algorithm  |     gateway     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-------------+                 +
    ~                            gateway                            ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
It should say:
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  precedence   | gateway type  |   algorithm   |    gateway    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+---------------+               +
    ~                            gateway                            ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Notes:
Section 2.4 does not explicitly specify a length for the algorithm field (unlike section 2.2 does for the precedence field). But using only 7 bits for it after the preceding two fields used 8 bits is quite unexpected. So this seems like a mistake in this diagram. Note that the BIND DNS server already uses 8 bits for the algorithm field.
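An octet-aligned parser for the IPSECKEY RDATA layout in the corrected diagram, reading the algorithm field as a full 8 bits; this is an added example, not code from the RFC, the erratum or BIND. The function names, the strict check for algorithm 0 and the sample bytes are assumptions made for the illustration.

```python
import ipaddress

# Gateway type values defined by RFC 4025: none, IPv4, IPv6, wire-format domain name.
GW_NONE, GW_IPV4, GW_IPV6, GW_NAME = 0, 1, 2, 3


def _read_name(buf, off):
    """Read an uncompressed wire-format domain name; return (name, next_offset)."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("truncated gateway name")
        n = buf[off]
        off += 1
        if n == 0:  # root label terminates the name
            return ".".join(labels) + ".", off
        if n > 63 or off + n > len(buf):
            raise ValueError("compressed, invalid or truncated label")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n


def parse_ipseckey(rdata):
    """Parse IPSECKEY RDATA; precedence, gateway type and algorithm are one octet each."""
    if len(rdata) < 3:
        raise ValueError("RDATA shorter than the three fixed octets")
    precedence, gw_type, algorithm = rdata[0], rdata[1], rdata[2]
    off = 3  # the gateway starts on an octet boundary because algorithm is 8 bits
    if gw_type == GW_NONE:
        gateway = None
    elif gw_type in (GW_IPV4, GW_IPV6):
        size = 4 if gw_type == GW_IPV4 else 16
        if len(rdata) < off + size:
            raise ValueError("truncated gateway address")
        gateway = str(ipaddress.ip_address(rdata[off:off + size]))
        off += size
    elif gw_type == GW_NAME:
        gateway, off = _read_name(rdata, off)
    else:
        raise ValueError(f"unknown gateway type {gw_type}")
    key = rdata[off:]
    # Strictness chosen for this example: algorithm 0 means no key is present.
    if algorithm == 0 and key:
        raise ValueError("algorithm 0 means no key, but key bytes follow")
    return {"precedence": precedence, "gateway_type": gw_type,
            "algorithm": algorithm, "gateway": gateway, "public_key": key}

# Constructed sample: precedence 10, IPv4 gateway 192.0.2.38, algorithm 2, dummy key bytes.
SAMPLE = bytes([10, 1, 2, 192, 0, 2, 38]) + b"\x01\x03\x51\x53"
```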