RFC Errata
Found 2 records.
Status: Verified (1)
RFC 5386, "Better-Than-Nothing Security: An Unauthenticated Mode of IPsec", November 2008
Source of RFC: btns (sec)
Errata ID: 1608
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2008-11-18
Verifier Name: Tim Polk
Date Verified: 2008-11-19
Section 2, pg. 3 says:
o Any peer that uses an IKEv2 AUTH method involving a digital
signature (made with a private key to a public key cryptosystem)
may match a BTNS PAD entry, provided that it matches no non-BTNS
PAD entries. Suitable AUTH methods as of August 2007 are: RSA
| Digital Signature (method #1) and DSS Digital Signature (method
#3); see [RFC4306], Section 3.8.
It should say:
o Any peer that uses an IKEv2 AUTH method involving a digital
signature (made with a private key to a public key cryptosystem)
may match a BTNS PAD entry, provided that it matches no non-BTNS
PAD entries. Suitable AUTH methods as of August 2007 are: RSA
| Digital Signature (method #1) and DSA Digital Signature (method
#3); see [RFC4306], Section 3.8.
Notes:
Rationale:
When referring to an authentication method, i.e. an algorithm,
the acronym used should designate the algorithm.
There is a particular distinction in the NIST FIPS documents:
a trailing 'S' designtes a Standard, and a trailing 'A' designates
an Algorithm.
In particular, the DSS (Digital Signature Standard, FIPS 186-2/3)
describes three different algorithms:
- the NIST's Digital Signature Algorithm (DSA),
- the Elliptic Curve Digital Signature Algorithm (ECDSA), and
- the RSA signature algorithm.
Hence, to avoid any potential confusion, "DSA" should be used to
designate the particular algorithm listed as the first item above.
Status: Held for Document Update (1)
RFC 5386, "Better-Than-Nothing Security: An Unauthenticated Mode of IPsec", November 2008
Source of RFC: btns (sec)
Errata ID: 1609
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2008-11-18
Held for Document Update by: Sean Turner
Section 3.1, pg.6 says:
<< immediately below Figure 2 >> | Note that [SG-A]'s PAD entry has one and only one wildcard PAD entry: the BTNS catch-all PAD entry as the last entry, as described in Section 2.
It should say:
| Note that [SG-A]'s PAD has one and only one wildcard PAD entry: the BTNS catch-all PAD entry as the last entry, as described in Section 2.
Notes:
Rationale:
Designating the PAD (Peer Authentication Database) an an "entry"
is misleading, and particularly confusing when in the same line
a table row in that database is also designated as an "entry".