The following errata report has been submitted for RFC6290, "A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE)".
--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6290&eid=3448

--------------------------------------
Type: Technical
Reported by: Valery Smyslov <[email protected]>

Section: 4.3

Original Text
-------------
For session resumption, as specified in [RFC5723], the situation is
similar. The responder, which is necessarily the peer that has
crashed, SHOULD send a new ticket within the protected payload of the
IKE_SESSION_RESUME exchange. If the Initiator is also a token maker,
it needs to send a QCD_TOKEN in a separate INFORMATIONAL exchange.

Corrected Text
--------------
For session resumption, as specified in [RFC5723], the situation is
similar. The responder, which is necessarily the peer that has
crashed, SHOULD send a new QCD_TOKEN in the IKE_AUTH exchange that
immediately follows the IKE_SESSION_RESUME exchange. If the Initiator
is also a token maker, it needs to send a QCD_TOKEN in the same
IKE_AUTH exchange.

Notes
-----
Original text mixes up terms "ticket" (as Session Resumption ticket
from RFC5723) and "token" (as QCD token from this RFC). As QCD token
must never be sent in an unprotected message (see section 9.2 from
this RFC) it cannot be sent in the IKE_SESSION_RESUME exchange because
this exchange is done in clear. So, QCD token must be sent in the
IKE_AUTH exchange that immediately follows the IKE_SESSION_RESUME
exchange. In this case there is no need for the separate INFORMATIONAL
exchange the Initiator's QCD token (if any) to be sent in, because it
could be sent in the same IKE_AUTH exchange.

Instructions:
-------------
This errata is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC6290 (draft-ietf-ipsecme-failure-detection-08)
--------------------------------------
Title               : A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE)
Publication Date    : June 2011
Author(s)           : Y. Nir, Ed., D. Wierbowski, F. Detienne, P. Sethi
Category            : PROPOSED STANDARD
Source              : IP Security Maintenance and Extensions
Area                : Security
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
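
The rule the Notes rely on (a QCD token must never be sent in an unprotected message, so it cannot go in the clear IKE_SESSION_RESUME exchange) can be checked on captured IKEv2 messages. The following Python is an added example, not part of the errata report or of RFC 6290; the function names and the sample messages (placeholder SPIs, nonce, token and ciphertext bytes) are constructed for illustration.

```python
import struct

IKE_HDR = struct.Struct("!8s8sBBBBII")  # IKEv2 header, RFC 7296 section 3.1
GEN_HDR = struct.Struct("!BBH")         # generic payload header: next, flags, length
NONCE, NOTIFY, SK = 40, 41, 46          # payload types: Nonce, Notify, Encrypted
IKE_AUTH, IKE_SESSION_RESUME = 35, 38   # exchange types (RFC 7296, RFC 5723)
QCD_TOKEN = 16419                       # notify message type (RFC 6290)

def cleartext_qcd_tokens(msg):
    """Offsets of QCD_TOKEN notifies that are not inside an Encrypted payload."""
    if len(msg) < IKE_HDR.size:
        raise ValueError("short IKE header")
    _, _, np, _, _, _, _, length = IKE_HDR.unpack_from(msg)
    if length != len(msg):
        raise ValueError("length field does not match message size")
    hits, off = [], IKE_HDR.size
    while np != 0:
        if off + GEN_HDR.size > len(msg):
            raise ValueError("truncated payload header")
        nxt, _, plen = GEN_HDR.unpack_from(msg, off)
        if plen < GEN_HDR.size or off + plen > len(msg):
            raise ValueError("bad payload length")
        if np == SK:
            break  # contents are encrypted; a token in here is protected
        if np == NOTIFY and plen >= 8:
            (ntype,) = struct.unpack_from("!H", msg, off + 6)
            if ntype == QCD_TOKEN:
                hits.append(off)
        np, off = nxt, off + plen
    return hits

# --- constructed sample messages (all byte values are placeholders) ---
def payload(nxt, body):
    return GEN_HDR.pack(nxt, 0, GEN_HDR.size + len(body)) + body

def notify(ntype, data, nxt=0):
    return payload(nxt, struct.pack("!BBH", 0, 0, ntype) + data)  # proto, SPI size, type

def ike_msg(exchange, first, payloads):
    total = IKE_HDR.size + len(payloads)
    return IKE_HDR.pack(b"I" * 8, b"R" * 8, first, 0x20, exchange, 0x20, 0, total) + payloads

# Token placed in the clear IKE_SESSION_RESUME response: must be flagged.
BAD_RESUME = ike_msg(IKE_SESSION_RESUME, NONCE,
                     payload(NOTIFY, b"N" * 16) + notify(QCD_TOKEN, b"T" * 16))
# IKE_AUTH message whose only payload is Encrypted (opaque ciphertext): no finding.
GOOD_AUTH = ike_msg(IKE_AUTH, SK, payload(NOTIFY, b"\x00" * 32))

if __name__ == "__main__":
    print(cleartext_qcd_tokens(BAD_RESUME), cleartext_qcd_tokens(GOOD_AUTH))
```

The input is the bare IKE message; for traffic captured on UDP port 4500, strip the four-byte non-ESP marker first.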
