[Openswan dev] [IPsec] [Technical Errata Reported] RFC5996 (3036) (fwd)

Paul Wouters paul at xelerance.com
Sun Nov 27 15:19:30 EST 2011

---------- Forwarded message ----------
Date: Sat, 26 Nov 2011 05:53:21
From: RFC Errata System <rfc-editor at rfc-editor.org>
Cc: ipsec at ietf.org, valery at smyslov.net, rfc-editor at rfc-editor.org
To: charliek at microsoft.com, paul.hoffman at vpnc.org, ynir at checkpoint.com,
     pe at iki.fi, stephen.farrell at cs.tcd.ie, turners at ieca.com,
     paul.hoffman at vpnc.org, yaronf.ietf at gmail.com
Subject: [IPsec] [Technical Errata Reported] RFC5996 (3036)
X-Spam-Flag: NO

The following errata report has been submitted for RFC5996,
"Internet Key Exchange Protocol Version 2 (IKEv2)".

You may review the report below and at:

Type: Technical
Reported by: Valery Smyslov <valery at smyslov.net>

Section: 3.10

Original Text
       [...] Of the notifications defined in this document, the SPI is
       included only with INVALID_SELECTORS and REKEY_SA.

Corrected Text
       [...] Of the notifications defined in this document, the SPI is
       included only with INVALID_SELECTORS, REKEY_SA and CHILD_SA_NOT_FOUND.

Original text was carried over from RFC4306 and contradicts with the text in section 2.25, which clearly says that SPI field in CHILD_SA_NOT_FOUND notification is populated. Notification CHILD_SA_NOT_FOUND was not defined in RFC4306, and the whole section 2.25 is new to RFC5996.

This errata is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary.

RFC5996 (draft-ietf-ipsecme-ikev2bis-11)
Title               : Internet Key Exchange Protocol Version 2 (IKEv2)
Publication Date    : September 2010
Author(s)           : C. Kaufman, P. Hoffman, Y. Nir, P. Eronen
Category            : PROPOSED STANDARD
Source              : IP Security Maintenance and Extensions
Area                : Security
Stream              : IETF
Verifying Party     : IESG
IPsec mailing list
IPsec at ietf.org

More information about the Dev mailing list