[tcpm] [Technical Errata Reported] RFC5925 (7135)

RFC Errata System <rfc-editor@rfc-editor.org> Fri, 16 September 2022 08:31 UTC

To: touch@isi.edu, mankin@psg.com, rbonica@juniper.net, martin.h.duke@gmail.com, Zaheduzzaman.Sarker@ericsson.com, nsd.ietf@gmail.com, tuexen@fh-muenster.de, ianswett@google.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: venkatesh.natarajan@hpe.com, tcpm@ietf.org, rfc-editor@rfc-editor.org
Date: Fri, 16 Sep 2022 01:31:32 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/_3A651SxjhaVNN0g16684AVDYC4>

The following errata report has been submitted for RFC5925,
"The TCP Authentication Option".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7135

--------------------------------------
Type: Technical
Reported by: Venkatesh Natarajan <venkatesh.natarajan@hpe.com>

Section: 7.3

Original Text
-------------
>> A TCP-AO implementation MUST allow for configuration of the
   behavior of segments with TCP-AO but that do not match an MKT.  The
   initial default of this configuration SHOULD be to silently accept
   such connections.  If this is not the desired case, an MKT can be
   included to match such connections, or the connection can indicate
   that TCP-AO is required.  Alternately, the configuration can be
   changed to discard segments with the AO option not matching an MKT.

Corrected Text
--------------
>> A TCP-AO implementation MUST allow for configuration of the
   behavior of segments with TCP-AO but that do not match any MKT or 
   no MKT is available. The initial default of this configuration 
   SHOULD be to silently accept such connections. In this mode of 
   operation, both the endpoints will not perform TCP-AO validation.
   If this is not the desired case, an MKT can be included to match such 
   connections, or the connection can indicate that TCP-AO is required. 
   Alternately, the configuration can be changed to discard segments
   with the AO option not matching an MKT.

Notes
-----
The RFC does not clearly draw out the distinction between treatment of segments with TCP-AO and without TCP-AO option.
Note that in the case of MKT mismatch as per existing RFC text, if either endpoint does TCP-AO validation, the session would not get established.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC5925 (draft-ietf-tcpm-tcp-auth-opt-11)
--------------------------------------
Title               : The TCP Authentication Option
Publication Date    : June 2010
Author(s)           : J. Touch, A. Mankin, R. Bonica
Category            : PROPOSED STANDARD
Source              : TCP Maintenance and Minor Extensions
Area                : Transport
Stream              : IETF
Verifying Party     : IESG
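
The configurable behaviour discussed in this report, sketched as an inbound decision function for segments that carry the TCP-AO option. This is an added example, not part of the errata report, RFC 5925, or any TCP stack. All type and function names are hypothetical, MKT matching is reduced to a peer identifier plus KeyID, and treating "TCP-AO is required" as forcing a discard of unmatched segments is an assumption drawn from the quoted Section 7.3 text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified model; names are not from RFC 5925 or any stack. */
enum ao_verdict { AO_VALIDATE_MAC, AO_ACCEPT_UNVALIDATED, AO_DISCARD };
enum ao_nomatch { AO_NOMATCH_ACCEPT /* initial default */, AO_NOMATCH_DISCARD };

struct mkt {            /* only the fields needed for matching here */
    uint32_t peer;      /* stand-in for the TCP connection identifier */
    uint8_t  recv_id;   /* compared with the KeyID of inbound segments */
};

struct ao_config {
    enum ao_nomatch   nomatch;      /* the configurable behaviour of 7.3 */
    bool              ao_required;  /* connection says TCP-AO is required */
    const struct mkt *mkts;
    size_t            n_mkts;       /* 0 models "no MKT is available" */
};

static const struct mkt *mkt_lookup(const struct ao_config *c,
                                    uint32_t peer, uint8_t key_id)
{
    for (size_t i = 0; i < c->n_mkts; i++)
        if (c->mkts[i].peer == peer && c->mkts[i].recv_id == key_id)
            return &c->mkts[i];
    return NULL;
}

/* Verdict for an inbound segment that carries the TCP-AO option. */
enum ao_verdict ao_inbound(const struct ao_config *c,
                           uint32_t peer, uint8_t key_id)
{
    if (mkt_lookup(c, peer, key_id))
        return AO_VALIDATE_MAC;          /* normal authenticated path */
    if (c->ao_required || c->nomatch == AO_NOMATCH_DISCARD)
        return AO_DISCARD;
    return AO_ACCEPT_UNVALIDATED;        /* default: no MAC check at all */
}

/* Audit helper: true if an unmatched AO segment would be accepted unchecked. */
bool ao_config_fails_open(const struct ao_config *c)
{
    return !c->ao_required && c->nomatch == AO_NOMATCH_ACCEPT;
}
```

`ao_config_fails_open()` is the check an operator would run over deployed configurations: under the initial default, a KeyID mismatch or an empty MKT list yields an accepted but unauthenticated segment.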