[tcpm] [Errata Rejected] RFC5925 (7135)
RFC Errata System <rfc-editor@rfc-editor.org> Thu, 06 October 2022 21:46 UTC
Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C9FAC14CE41; Thu, 6 Oct 2022 14:46:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.659
X-Spam-Level:
X-Spam-Status: No, score=-6.659 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YV05o2guWqnR; Thu, 6 Oct 2022 14:46:08 -0700 (PDT)
Received: from rfcpa.amsl.com (rfc-editor.org [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8118C1594AC; Thu, 6 Oct 2022 14:46:08 -0700 (PDT)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id C44E355ECA; Thu, 6 Oct 2022 14:46:08 -0700 (PDT)
To: venkatesh.natarajan@hpe.com, touch@isi.edu, mankin@psg.com, rbonica@juniper.net
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: martin.h.duke@gmail.com, iesg@ietf.org, tcpm@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20221006214608.C44E355ECA@rfcpa.amsl.com>
Date: Thu, 06 Oct 2022 14:46:08 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/oxOqePmeCo4I6ojlR3E5FaoGzKU>
Subject: [tcpm] [Errata Rejected] RFC5925 (7135)
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2022 21:46:13 -0000
The following errata report has been rejected for RFC5925, "The TCP Authentication Option". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid7135 -------------------------------------- Status: Rejected Type: Technical Reported by: Venkatesh Natarajan <venkatesh.natarajan@hpe.com> Date Reported: 2022-09-16 Rejected by: Martin Duke (IESG) Section: 7.3 Original Text ------------- >> A TCP-AO implementation MUST allow for configuration of the behavior of segments with TCP-AO but that do not match an MKT. The initial default of this configuration SHOULD be to silently accept such connections. If this is not the desired case, an MKT can be included to match such connections, or the connection can indicate that TCP-AO is required. Alternately, the configuration can be changed to discard segments with the AO option not matching an MKT. Corrected Text -------------- >> A TCP-AO implementation MUST allow for configuration of the behavior of segments with TCP-AO but that do not match any MKT or no MKT is available. The initial default of this configuration SHOULD be to silently accept such connections. In this mode of operation, both the endpoints will not perform TCP-AO validation. If this is not the desired case, an MKT can be included to match such connections, or the connection can indicate that TCP-AO is required. Alternately, the configuration can be changed to discard segments with the AO option not matching an MKT. Notes ----- The RFC does not clearly draw out the distinction between treatment of segments with TCP-AO and without TCP-AO option. Note that in the case of MKT mismatch as per existing RFC text, if either endpoint does TCP-AO validation, the session would not get established. --VERIFIER NOTES-- As noted in the email below, when both sides do not have common configuration, the handshake will fail. Please see https://mailarchive.ietf.org/arch/msg/tcpm/0zG2aP5tGBvbRJxuNOIPFYDK9Jg/ -------------------------------------- RFC5925 (draft-ietf-tcpm-tcp-auth-opt-11) -------------------------------------- Title : The TCP Authentication Option Publication Date : June 2010 Author(s) : J. Touch, A. Mankin, R. Bonica Category : PROPOSED STANDARD Source : TCP Maintenance and Minor Extensions Area : Transport Stream : IETF Verifying Party : IESG
- [tcpm] [Errata Rejected] RFC5925 (7135) RFC Errata System