[IPsec] Minor thinko in IKEv2 rfc5996bis draft (and RFC 5996)

"Black, David" <david.black@emc.com> Mon, 19 May 2014 02:09 UTC

From: "Black, David" <david.black@emc.com>
To: "IPsecme WG (ipsec@ietf.org)" <ipsec@ietf.org>
Date: Sun, 18 May 2014 22:09:24 -0400
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/4XKIGTjJCWfG725MzAmXyz5NQqE

In looking for something else, I ran across a minor thinko in the
rfc5996bis draft that was inherited from RFC 5996.

Section 3.14, Encrypted Payload, 4th paragraph:

   When an authenticated encryption algorithm is used to protect the IKE
   SA, the construction of the Encrypted payload is different than what
   is described here.  See [AEAD] for more information on authenticated
   encryption algorithms and their use in ESP.

[AEAD] is a reference to RFC 5282, "Using Authenticated Encryption
Algorithms with the Encrypted Payload of the Internet Key Exchange
version 2 (IKEv2) Protocol."

Hence, a change is in order at the end of the paragraph:

	"ESP" -> "IKEv2"

In the unlikely event that the IESG finds nothing else to change in
the draft :-), an RFC Editor Note ought to suffice to handle this.

Should I also file an erratum against RFC 5996?

David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
david.black@emc.com        Mobile: +1 (978) 394-7754