Checking on the errata items for the old IPsec WG I found these three:
https://www.rfc-editor.org/errata/eid6953
This is against RFC2402 and the change is correct, there is
wrong section reference 3.3.2 where it should b section 3.3.3.
This should be marked as verified.
https://www.rfc-editor.org/errata/eid7244
This is for RFC3526 and it says that Generator should not be
2, but this is incorrect. The group in the RFC is generated
using the instructions frm the RFC2412 and that explains that
number 2 is not technically a generator, but there are reasons
to use it (APPENDIX E The Well-Known Groups of 2412):
Using 2 as a generator is efficient for some modular
exponentiation algorithms. [Note that 2 is technically not a
generator in the number theory sense, because it omits half of
the possible residues mod P. From a cryptographic viewpoint,
this is a virtue.]
This change would be break interoperability with old
implementations and should be rejected.
https://www.rfc-editor.org/errata/eid4709
This is for RFC4301 and tries to fix the ASN.1 in Appendix C.
The proposed changes uses lines which are not part of the
RFC4301, i.e., the "=" -> "::=" that are listed as needed to
be done, are already in the RFC4301. Only other changes it
does is to remove "-- DEFINED BY algorithm" from one location,
but leave it in in few other places. It also chanegs the
iso(1) org (3) dod (6)" to "iso(1) identified-organization (3)
dod (6) which might be correct, but is not needed.
I think this errata should be rejected.
--
[email protected]
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
