[Gen-art] FW: [Technical Errata Reported] RFC4966 (3142)

<david.black@emc.com> Wed, 29 February 2012 19:56 UTC

Return-Path: <david.black@emc.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F11121F87BE for <gen-art@ietfa.amsl.com>; Wed, 29 Feb 2012 11:56:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.715
X-Spam-Level:
X-Spam-Status: No, score=-109.715 tagged_above=-999 required=5 tests=[AWL=0.884, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gnbqS0j-9dbn for <gen-art@ietfa.amsl.com>; Wed, 29 Feb 2012 11:56:24 -0800 (PST)
Received: from mexforward.lss.emc.com (mexforward.lss.emc.com [128.222.32.20]) by ietfa.amsl.com (Postfix) with ESMTP id 5BA6721F87CC for <gen-art@ietf.org>; Wed, 29 Feb 2012 11:56:23 -0800 (PST)
Received: from hop04-l1d11-si01.isus.emc.com (HOP04-L1D11-SI01.isus.emc.com [10.254.111.54]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id q1TJuMux009084 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <gen-art@ietf.org>; Wed, 29 Feb 2012 14:56:22 -0500
Received: from mailhub.lss.emc.com (mailhubhoprd01.lss.emc.com [10.254.221.251]) by hop04-l1d11-si01.isus.emc.com (RSA Interceptor) for <gen-art@ietf.org>; Wed, 29 Feb 2012 14:56:05 -0500
Received: from mxhub05.corp.emc.com (mxhub05.corp.emc.com [128.222.70.202]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id q1TJu1qL030171 for <gen-art@ietf.org>; Wed, 29 Feb 2012 14:56:04 -0500
Received: from mx14a.corp.emc.com ([169.254.1.157]) by mxhub05.corp.emc.com ([128.222.70.202]) with mapi; Wed, 29 Feb 2012 14:56:03 -0500
From: <david.black@emc.com>
To: <gen-art@ietf.org>
Date: Wed, 29 Feb 2012 14:56:01 -0500
Thread-Topic: [Technical Errata Reported] RFC4966 (3142)
Thread-Index: Acz3GzmqLn5pgnVfS8Cr245D4RtKDAAAG/Gw
Message-ID: <7C4DFCE962635144B8FAE8CA11D0BF1E05AEC8CAD9@MX14A.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EMM-MHVC: 1
Subject: [Gen-art] FW: [Technical Errata Reported] RFC4966 (3142)
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Feb 2012 19:56:25 -0000

FYI - this errata was the result of Gen-ART review of draft-ietf-behave-64-analysis-06
which found problems in a paragraph copied from RFC 4966.

Thanks,
--David

-----Original Message-----
From: RFC Errata System [mailto:rfc-editor@rfc-editor.org] 
Sent: Wednesday, February 29, 2012 2:43 PM
To: ietf@energizeurnet.com; elwynd@dial.pipex.com; rbonica@juniper.net; dromasca@avaya.com; fred.baker@cisco.com; joelja@bogus.com
Cc: Black, David; v6ops@ietf.org; rfc-editor@rfc-editor.org
Subject: [Technical Errata Reported] RFC4966 (3142)


The following errata report has been submitted for RFC4966,
"Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=4966&eid=3142

--------------------------------------
Type: Technical
Reported by: David L. Black <david.black@emc.com>

Section: 2.1

Original Text
-------------
Unless UDP encapsulation is used for IPsec [RFC3498], traffic using
IPsec AH (Authentication Header), in transport and tunnel mode, and
IPsec ESP (Encapsulating Security Payload), in transport mode, is
unable to be carried through NAT-PT without terminating the security
associations on the NAT-PT, due to their usage of cryptographic
integrity protection.

Corrected Text
--------------
IPsec traffic using AH (Authentication Header) [RFC4302] in both
transport and tunnel modes cannot be carried through NAT-PT without
terminating the security associations on the NAT-PT, due to the
inclusion of IP header fields in the scope of AH's cryptographic
integrity protection [RFC3715].  In addition, IPsec traffic using
ESP (Encapsulating Security Payload) [RFC4303] in transport mode
generally uses UDP encapsulation [RFC3948] for NAT traversal
(including NAT-PT traversal) in order to avoid the problems
described in [RFC3715].


Notes
-----
This RFC4966 text was copied into draft-ietf-behave-64-analysis-06.
Gen-ART review of that draft found that the statement was incorrect
for ESP.  The correct explanations of the problems (in great detail)
can be found in RFC 3715.

Instructions:
-------------
This errata is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC4966 (draft-ietf-v6ops-natpt-to-historic-00)
--------------------------------------
Title               : Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status
Publication Date    : July 2007
Author(s)           : C. Aoun, E. Davies
Category            : INFORMATIONAL
Source              : IPv6 Operations
Area                : Operations and Management
Stream              : IETF
Verifying Party     : IESG