RFC Errata
Found 2 records.
Status: Verified (2)
RFC 4966, "Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status", July 2007
Source of RFC: v6ops (ops)
Errata ID: 1306
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Brian Carpenter
Date Reported: 2008-01-29
Verifier Name: Ron Bonica
Date Verified: 2009-10-06
Throughout the document, when it says:
[RFC3498]
It should say:
[RFC3948]
Notes:
All citations of [RFC3498] are intended to be [RFC3948]
Errata ID: 3142
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: David L. Black
Date Reported: 2012-02-29
Verifier Name: Ron Bonica
Date Verified: 2012-03-06
Section 2.1 says:
Unless UDP encapsulation is used for IPsec [RFC3498], traffic using IPsec AH (Authentication Header), in transport and tunnel mode, and IPsec ESP (Encapsulating Security Payload), in transport mode, is unable to be carried through NAT-PT without terminating the security associations on the NAT-PT, due to their usage of cryptographic integrity protection.
It should say:
IPsec traffic using AH (Authentication Header) [RFC4302] in both transport and tunnel modes cannot be carried through NAT-PT without terminating the security associations on the NAT-PT, due to the inclusion of IP header fields in the scope of AH's cryptographic integrity protection [RFC3715]. In addition, IPsec traffic using ESP (Encapsulating Security Payload) [RFC4303] in transport mode generally uses UDP encapsulation [RFC3948] for NAT traversal (including NAT-PT traversal) in order to avoid the problems described in [RFC3715].
Notes:
This RFC4966 text was copied into draft-ietf-behave-64-analysis-06.
Gen-ART review of that draft found that the statement was incorrect
for ESP. The correct explanations of the problems (in great detail)
can be found in RFC 3715.