[Gen-art] FW: [Technical Errata Reported] RFC4966 (3142)
<david.black@emc.com> Wed, 29 February 2012 19:56 UTC
Return-Path: <david.black@emc.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id 1F11121F87BE for <gen-art@ietfa.amsl.com>;
Wed, 29 Feb 2012 11:56:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.715
X-Spam-Level:
X-Spam-Status: No, score=-109.715 tagged_above=-999 required=5 tests=[AWL=0.884,
BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gnbqS0j-9dbn for
<gen-art@ietfa.amsl.com>; Wed, 29 Feb 2012 11:56:24 -0800 (PST)
Received: from mexforward.lss.emc.com (mexforward.lss.emc.com [128.222.32.20])
by ietfa.amsl.com (Postfix) with ESMTP id 5BA6721F87CC for <gen-art@ietf.org>;
Wed, 29 Feb 2012 11:56:23 -0800 (PST)
Received: from hop04-l1d11-si01.isus.emc.com (HOP04-L1D11-SI01.isus.emc.com
[10.254.111.54]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with
ESMTP id q1TJuMux009084 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA
bits=256 verify=NO) for <gen-art@ietf.org>; Wed, 29 Feb 2012 14:56:22 -0500
Received: from mailhub.lss.emc.com (mailhubhoprd01.lss.emc.com
[10.254.221.251]) by hop04-l1d11-si01.isus.emc.com (RSA Interceptor) for
<gen-art@ietf.org>; Wed, 29 Feb 2012 14:56:05 -0500
Received: from mxhub05.corp.emc.com (mxhub05.corp.emc.com [128.222.70.202]) by
mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id q1TJu1qL030171
for <gen-art@ietf.org>; Wed, 29 Feb 2012 14:56:04 -0500
Received: from mx14a.corp.emc.com ([169.254.1.157]) by mxhub05.corp.emc.com
([128.222.70.202]) with mapi; Wed, 29 Feb 2012 14:56:03 -0500
From: <david.black@emc.com>
To: <gen-art@ietf.org>
Date: Wed, 29 Feb 2012 14:56:01 -0500
Thread-Topic: [Technical Errata Reported] RFC4966 (3142)
Thread-Index: Acz3GzmqLn5pgnVfS8Cr245D4RtKDAAAG/Gw
Message-ID: <7C4DFCE962635144B8FAE8CA11D0BF1E05AEC8CAD9@MX14A.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EMM-MHVC: 1
Subject: [Gen-art] FW: [Technical Errata Reported] RFC4966 (3142)
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>,
<mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>,
<mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Feb 2012 19:56:25 -0000
FYI - this errata was the result of Gen-ART review of draft-ietf-behave-64-analysis-06 which found problems in a paragraph copied from RFC 4966. Thanks, --David -----Original Message----- From: RFC Errata System [mailto:rfc-editor@rfc-editor.org] Sent: Wednesday, February 29, 2012 2:43 PM To: ietf@energizeurnet.com; elwynd@dial.pipex.com; rbonica@juniper.net; dromasca@avaya.com; fred.baker@cisco.com; joelja@bogus.com Cc: Black, David; v6ops@ietf.org; rfc-editor@rfc-editor.org Subject: [Technical Errata Reported] RFC4966 (3142) The following errata report has been submitted for RFC4966, "Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=4966&eid=3142 -------------------------------------- Type: Technical Reported by: David L. Black <david.black@emc.com> Section: 2.1 Original Text ------------- Unless UDP encapsulation is used for IPsec [RFC3498], traffic using IPsec AH (Authentication Header), in transport and tunnel mode, and IPsec ESP (Encapsulating Security Payload), in transport mode, is unable to be carried through NAT-PT without terminating the security associations on the NAT-PT, due to their usage of cryptographic integrity protection. Corrected Text -------------- IPsec traffic using AH (Authentication Header) [RFC4302] in both transport and tunnel modes cannot be carried through NAT-PT without terminating the security associations on the NAT-PT, due to the inclusion of IP header fields in the scope of AH's cryptographic integrity protection [RFC3715]. In addition, IPsec traffic using ESP (Encapsulating Security Payload) [RFC4303] in transport mode generally uses UDP encapsulation [RFC3948] for NAT traversal (including NAT-PT traversal) in order to avoid the problems described in [RFC3715]. Notes ----- This RFC4966 text was copied into draft-ietf-behave-64-analysis-06. Gen-ART review of that draft found that the statement was incorrect for ESP. The correct explanations of the problems (in great detail) can be found in RFC 3715. Instructions: ------------- This errata is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. -------------------------------------- RFC4966 (draft-ietf-v6ops-natpt-to-historic-00) -------------------------------------- Title : Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status Publication Date : July 2007 Author(s) : C. Aoun, E. Davies Category : INFORMATIONAL Source : IPv6 Operations Area : Operations and Management Stream : IETF Verifying Party : IESG