RFC Errata
Found 3 records.
Status: Verified (2)
RFC 5996, "Internet Key Exchange Protocol Version 2 (IKEv2)", September 2010
Note: This RFC has been obsoleted by RFC 7296
Note: This RFC has been updated by RFC 5998, RFC 6989
Source of RFC: ipsecme (sec)
Errata ID: 2707
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Yaron Sheffer
Date Reported: 2011-02-06
Verifier Name: Sean Turner
Date Verified: 2011-03-26
Section 3.6 says:
[...] and also MUST be capable of being configured to send and accept the Hash and URL format (with HTTP URLs)
It should say:
[...] and also MUST be capable of being configured to send and accept the two Hash and URL formats (with HTTP URLs)
Notes:
This change from the original RFC 4306 text was made late in the process, responding to the Gen-Art reviewer comment. Factually, the document (earlier in the same section) defines two Hash and URL formats, making this sentence a clear inconsistency. The erratum is flagged as Technical because the text is normative.
Errata ID: 3036
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Valery Smyslov
Date Reported: 2011-11-26
Verifier Name: Sean Turner
Date Verified: 2011-11-27
Section 3.10 says:
[...] Of the notifications defined in this document, the SPI is included only with INVALID_SELECTORS and REKEY_SA.
It should say:
[...] Of the notifications defined in this document, the SPI is included only with INVALID_SELECTORS, REKEY_SA and CHILD_SA_NOT_FOUND.
Notes:
Original text was carried over from RFC4306 and contradicts with the text in section 2.25, which clearly says that SPI field in CHILD_SA_NOT_FOUND notification is populated. Notification CHILD_SA_NOT_FOUND was not defined in RFC4306, and the whole section 2.25 is new to RFC5996.
Status: Rejected (1)
RFC 5996, "Internet Key Exchange Protocol Version 2 (IKEv2)", September 2010
Note: This RFC has been obsoleted by RFC 7296
Note: This RFC has been updated by RFC 5998, RFC 6989
Source of RFC: ipsecme (sec)
Errata ID: 3718
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Gerald Smith
Date Reported: 2013-09-04
Rejected by: Stephen Farrell
Date Rejected: 2014-06-03
Section 3.15.3 says:
A client can be assigned an IPv6 address using the INTERNAL_IP6_ADDRESS Configuration payload. A minimal exchange might look like this: CP(CFG_REQUEST) = INTERNAL_IP6_ADDRESS() INTERNAL_IP6_DNS() TSi = (0, 0-65535, :: - FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF) TSr = (0, 0-65535, :: - FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF) CP(CFG_REPLY) = INTERNAL_IP6_ADDRESS(2001:DB8:0:1:2:3:4:5/64) INTERNAL_IP6_DNS(2001:DB8:99:88:77:66:55:44) TSi = (0, 0-65535, 2001:DB8:0:1:2:3:4:5 - 2001:DB8:0:1:2:3:4:5) TSr = (0, 0-65535, :: - FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)
It should say:
CP(CFG_REPLY) = INTERNAL_IP6_ADDRESS(2001:DB8:0:1:2:3:4:5/64) INTERNAL_IP6_DNS(2001:DB8:99:88:77:66:55:44) TSi = (0, 0-65535, 2001:DB8:0:1:2:3:4:5 - 2001:DB8:0:1:2:3:4:5) TSr = (0, 0-65535, 2001:DB8:0:1:: - 2001:DB8:0:1:FFFF:FFFF:FFFF:FFFF)
Notes:
The INTERNAL_IP6_ADDRESS returned in the CFG_REPLY is a 64 bit subnet, but the TSr returned in the CFG_REPLY shows a 0 bit subnet instead of the 64 bit subnet.
Kathleen told me to reject this! (Based on ipsecme list discussion.)
--VERIFIER NOTES--
Kathleen told me to!