FYI - this errata was the result of Gen-ART review of draft-ietf-behave-64-analysis-06 which found problems in a paragraph copied from RFC 4966.
Thanks,
--David

-----Original Message-----
From: RFC Errata System [mailto:[email protected]]
Sent: Wednesday, February 29, 2012 2:43 PM
To: [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]
Cc: Black, David; [email protected]; [email protected]
Subject: [Technical Errata Reported] RFC4966 (3142)

The following errata report has been submitted for RFC4966,
"Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=4966&eid=3142

--------------------------------------
Type: Technical
Reported by: David L. Black <[email protected]>

Section: 2.1

Original Text
-------------
Unless UDP encapsulation is used for IPsec [RFC3498], traffic using IPsec AH (Authentication Header), in transport and tunnel mode, and IPsec ESP (Encapsulating Security Payload), in transport mode, is unable to be carried through NAT-PT without terminating the security associations on the NAT-PT, due to their usage of cryptographic integrity protection.

Corrected Text
--------------
IPsec traffic using AH (Authentication Header) [RFC4302] in both transport and tunnel modes cannot be carried through NAT-PT without terminating the security associations on the NAT-PT, due to the inclusion of IP header fields in the scope of AH's cryptographic integrity protection [RFC3715]. In addition, IPsec traffic using ESP (Encapsulating Security Payload) [RFC4303] in transport mode generally uses UDP encapsulation [RFC3948] for NAT traversal (including NAT-PT traversal) in order to avoid the problems described in [RFC3715].

Notes
-----
This RFC4966 text was copied into draft-ietf-behave-64-analysis-06. Gen-ART review of that draft found that the statement was incorrect for ESP. The correct explanations of the problems (in great detail) can be found in RFC 3715.

Instructions:
-------------
This errata is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC4966 (draft-ietf-v6ops-natpt-to-historic-00)
--------------------------------------
Title            : Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status
Publication Date : July 2007
Author(s)        : C. Aoun, E. Davies
Category         : INFORMATIONAL
Source           : IPv6 Operations
Area             : Operations and Management
Stream           : IETF
Verifying Party  : IESG

_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art
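
The integrity-scope distinction drawn in the corrected text above, as an added example that is not part of the original message or of any RFC: it builds one AH and one ESP transport-mode packet and checks each ICV after a plain router hop and after an address rewrite. Assumptions: the key, SPIs, addresses and payload are constructed, HMAC-SHA-256 truncated to 128 bits stands in for the negotiated algorithm, the ESP payload is treated as opaque bytes, and an IPv4 source-address rewrite stands in for NAT-PT's full header translation.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"        # constructed sample key
DATA = b"constructed payload bytes"  # constructed sample payload

def icv(data):
    # HMAC-SHA-256 truncated to 128 bits (assumed algorithm for this model)
    return hmac.new(KEY, data, hashlib.sha256).digest()[:16]

def ipv4(src, dst, proto, body_len, ttl=64):
    # 20-byte IPv4 header; header checksum left zero in this model
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_input(pkt):
    # AH covers the IP header with mutable fields (TOS, flags/offset, TTL,
    # checksum) zeroed, the AH header with its ICV zeroed, and the payload.
    # The source and destination addresses stay inside the covered bytes.
    ip = bytearray(pkt[:20])
    ip[1], ip[8] = 0, 0
    ip[6:8], ip[10:12] = bytes(2), bytes(2)
    return bytes(ip) + pkt[20:32] + bytes(16) + pkt[48:]

def build_ah(src, dst):
    ah = struct.pack("!BBHII", 6, 5, 0, 0x1000, 1)  # next, len, rsvd, SPI, seq
    pkt = ipv4(src, dst, 51, 28 + len(DATA)) + ah + bytes(16) + DATA
    return pkt[:32] + icv(ah_input(pkt)) + pkt[48:]

def build_esp(src, dst):
    body = struct.pack("!II", 0x2000, 1) + DATA     # SPI, seq, opaque payload
    return ipv4(src, dst, 50, len(body) + 16) + body + icv(body)

def ah_ok(pkt):
    return hmac.compare_digest(pkt[32:48], icv(ah_input(pkt)))

def esp_ok(pkt):
    # ESP's ICV covers the ESP header and payload only, not the IP header
    return hmac.compare_digest(pkt[-16:], icv(pkt[20:-16]))

def forward(pkt, new_src=None):
    # Router hop: decrement TTL; a translator also rewrites the source address
    p = bytearray(pkt)
    p[8] -= 1
    if new_src:
        p[12:16] = socket.inet_aton(new_src)
    return bytes(p)

def demo():
    ah = build_ah("192.0.2.10", "198.51.100.7")
    esp = build_esp("192.0.2.10", "198.51.100.7")
    return {"ah_routed": ah_ok(forward(ah)),
            "ah_translated": ah_ok(forward(ah, "203.0.113.1")),
            "esp_translated": esp_ok(forward(esp, "203.0.113.1"))}
```

Only the translated AH packet fails its check, which is why the erratum attributes the AH failure to header fields in the ICV scope and points to RFC 3715 for the separate problems that lead ESP transport mode to use UDP encapsulation.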
