RFC Errata
RFC 4306, "Internet Key Exchange (IKEv2) Protocol", December 2005
Note: This RFC has been obsoleted by RFC 5996
Note: This RFC has been updated by RFC 5282
Source of RFC: ipsec (sec)
Errata ID: 2192
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Constantin Hagemeier
Date Reported: 2010-04-28
Held for Document Update by: Sean Turner
Section 3.3. says:
If there are multiple transforms with the same Transform Type, the proposal is an OR of those transforms. If there are multiple Transforms with different Transform Types, the proposal is an AND of the different groups. For example, to propose ESP with (3DES or
It should say:
If there are multiple transforms with the same Transform Type, those transforms constitute a group out of which exactly one transform is to be chosen. If there are multiple of those groups, the proposal is an AND of the choices out of the different groups. For example, to propose ESP with (3DES or
Notes:
Logically unclear. OR means AND/OR. But here you talk about XOR.
Furthermore has AND precedence before OR.