[Gen-art] FW: [Technical Errata Reported] RFC4966 (3142)

<david.black@emc.com> Wed, 29 February 2012 19:56 UTC

From: david.black@emc.com
To: gen-art@ietf.org
Date: Wed, 29 Feb 2012 14:56:01 -0500
Thread-Topic: [Technical Errata Reported] RFC4966 (3142)
Thread-Index: Acz3GzmqLn5pgnVfS8Cr245D4RtKDAAAG/Gw
Message-ID: <7C4DFCE962635144B8FAE8CA11D0BF1E05AEC8CAD9@MX14A.corp.emc.com>
Subject: [Gen-art] FW: [Technical Errata Reported] RFC4966 (3142)

FYI - this erratum was the result of Gen-ART review of draft-ietf-behave-64-analysis-06,
which found problems in a paragraph copied from RFC 4966.


-----Original Message-----
From: RFC Errata System [mailto:rfc-editor@rfc-editor.org] 
Sent: Wednesday, February 29, 2012 2:43 PM
To: ietf@energizeurnet.com; elwynd@dial.pipex.com; rbonica@juniper.net; dromasca@avaya.com; fred.baker@cisco.com; joelja@bogus.com
Cc: Black, David; v6ops@ietf.org; rfc-editor@rfc-editor.org
Subject: [Technical Errata Reported] RFC4966 (3142)

The following errata report has been submitted for RFC4966,
"Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status".

You may review the report below and at:

Type: Technical
Reported by: David L. Black <david.black@emc.com>

Section: 2.1

Original Text
Unless UDP encapsulation is used for IPsec [RFC3498], traffic using
IPsec AH (Authentication Header), in transport and tunnel mode, and
IPsec ESP (Encapsulating Security Payload), in transport mode, is
unable to be carried through NAT-PT without terminating the security
associations on the NAT-PT, due to their usage of cryptographic
integrity protection.

Corrected Text
IPsec traffic using AH (Authentication Header) [RFC4302] in both
transport and tunnel modes cannot be carried through NAT-PT without
terminating the security associations on the NAT-PT, due to the
inclusion of IP header fields in the scope of AH's cryptographic
integrity protection [RFC3715].  In addition, IPsec traffic using
ESP (Encapsulating Security Payload) [RFC4303] in transport mode
generally uses UDP encapsulation [RFC3948] for NAT traversal
(including NAT-PT traversal) in order to avoid the problems
described in [RFC3715].

This RFC4966 text was copied into draft-ietf-behave-64-analysis-06.
Gen-ART review of that draft found that the statement was incorrect
for ESP.  The correct explanations of the problems (in great detail)
can be found in RFC 3715.

This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary.

RFC4966 (draft-ietf-v6ops-natpt-to-historic-00)
Title               : Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status
Publication Date    : July 2007
Author(s)           : C. Aoun, E. Davies
Category            : INFORMATIONAL
Source              : IPv6 Operations
Area                : Operations and Management
Stream              : IETF
Verifying Party     : IESG
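The corrected text distinguishes two different failure modes: AH's ICV covers IP header fields, so any address rewrite invalidates it, while ESP's ICV does not cover the IP header but the transport checksum inside the encrypted payload still does (the RFC 3715 problem that UDP encapsulation per RFC 3948 works around). The following toy model, added here and not part of the mail or of any RFC, reproduces both effects; HMAC-SHA256 truncated to 12 bytes stands in for a real integrity algorithm, XOR stands in for encryption, the checksum is a byte sum, and all addresses and keys are constructed.

```python
import hmac, hashlib, struct

# Constructed, simplified model of RFC 4302 (AH) and RFC 4303 (ESP) integrity
# scoping. Packets are dicts, not wire format; key and addresses are made up.
KEY = b"constructed-demo-key"  # constructed, not a real SA key

def icv(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()[:12]

def transport_checksum(src, dst, payload) -> int:
    # Toy stand-in for the TCP/UDP checksum: like the real one it covers the
    # IP pseudo-header (both addresses), which is the core RFC 3715 problem.
    return sum(src + dst + payload) & 0xFFFF

def ah_protect(src, dst, payload):
    # AH's ICV covers the immutable IP header fields, both addresses included,
    # plus the payload (mutable fields such as TTL are treated as zero).
    return {"src": src, "dst": dst, "payload": payload, "icv": icv(src + dst + payload)}

def ah_verify(pkt) -> bool:
    return hmac.compare_digest(pkt["icv"], icv(pkt["src"] + pkt["dst"] + pkt["payload"]))

def esp_protect(src, dst, payload, spi=0x1001):
    # ESP's ICV covers only the ESP header and the encrypted payload; the IP
    # header is outside it, but the transport checksum is sealed inside it.
    inner = struct.pack("!H", transport_checksum(src, dst, payload)) + payload
    enc = bytes(b ^ 0x5A for b in inner)  # XOR stands in for encryption
    hdr = struct.pack("!I", spi)
    return {"src": src, "dst": dst, "hdr": hdr, "enc": enc, "icv": icv(hdr + enc)}

def esp_verify(pkt) -> bool:
    return hmac.compare_digest(pkt["icv"], icv(pkt["hdr"] + pkt["enc"]))

def esp_inner_checksum_ok(pkt) -> bool:
    # What the receiving host sees after decryption: the checksum was computed
    # over the original addresses, not the ones the NAT wrote into the header.
    inner = bytes(b ^ 0x5A for b in pkt["enc"])
    return struct.unpack("!H", inner[:2])[0] == transport_checksum(pkt["src"], pkt["dst"], inner[2:])

def nat_rewrite(pkt, new_src):
    # A NAT or NAT-PT rewrites the source address; it can touch nothing that is
    # under an ICV or inside the encrypted ESP payload.
    return {**pkt, "src": new_src}

def demo():
    # Constructed addresses: 10.0.0.1 behind the NAT, 192.0.2.1 after rewrite, 198.51.100.5 peer.
    src, nat_src, dst = b"\x0a\x00\x00\x01", b"\xc0\x00\x02\x01", b"\xc6\x33\x64\x05"
    ah = nat_rewrite(ah_protect(src, dst, b"hello"), nat_src)
    esp = nat_rewrite(esp_protect(src, dst, b"hello"), nat_src)
    return {"ah_icv_ok": ah_verify(ah), "esp_icv_ok": esp_verify(esp),
            "esp_inner_checksum_ok": esp_inner_checksum_ok(esp)}
```

After the address rewrite the AH packet fails integrity verification outright, whereas the ESP packet still verifies but delivers a transport segment whose checksum no longer matches; that second case is what RFC 3948 UDP encapsulation (with the original addresses carried to the peer) lets the receiver repair.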