Note: This RFC has been updated by RFC 6233, RFC 6232
Source of RFC: isis (rtg)
Errata ID:2461
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Tony Li
Date Reported: 2010-08-12
Rejected by: Adrian Farrel
Date Rejected: 2012-08-16
Section 3.4 says:
The authentication data for the IS-IS IIH PDUs MUST be computed after the IS-IS Hello (IIH) has been padded to the MTU size, if padding is not explicitly disabled.
It should say:
The authentication data for the IS-IS IIH PDUs MUST be computed after the IS-IS Hello (IIH) has been padded to the MTU size, if padding is not explicitly disabled.
ISes (routers) that implement CRYPTO_AUTH authentication and initiate LSP purges MUST remove the body of the LSP and add the authentication TLV.
Notes:
The RFC ignores the case of when an IS initiates a purge. Purges MUST be authenticated explicitly, otherwise the default protocol machinery will leave open a trivial attack.
--VERIFIER NOTES--
This issue appears to be correct, but does not qualify as something that can be addressed through the Errata System because it is a functional change to the document, not a typo. If the WG feels that it needs to be addressed, this should be captured in a new I-D.
Errata ID:2462
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Tony Li
Date Reported: 2010-08-12
Rejected by: Adrian Farrel
Date Rejected: 2012-08-16
Section 3.5 says:
An implementation MAY have a transition mode where it includes CRYPTO_AUTH information in the PDUs but does not verify this information. This is provided as a transition aid for networks in the process of migrating to the new CRYPTO_AUTH-based authentication schemes.
It should say:
An implementation MAY have a transition mode where it includes CRYPTO_AUTH information in the PDUs but does not verify this information. This is provided as a transition aid for networks in the process of migrating to the new CRYPTO_AUTH-based authentication schemes.
ISes implementing CRYPTO_AUTH authentication MUST NOT accept unauthenticated purges. ISes MUST NOT accept purges that contain TLVs other than the authentication TLV. These restrictions are necessary to prevent a hostile system from receiving an LSP, setting the Remaining Lifetime field to zero, and flooding it, thereby initiating a purge without knowing the authentication password.
Notes:
The RFC ignores the case of purges. With explicit definition, purge packets would not include authentication, which would open a trivial vector for attack.
--VERIFIER NOTES--
This issue appears to be correct, but does not qualify as something that can be addressed through the Errata System because it is a functional change to the document, not a typo. If the WG feels that it needs to be addressed, this should be captured in a new I-D.
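Added example (not part of the errata records or the RFC text): a receive-side check for the purge rules proposed in Errata ID 2462, showing that a flooded copy of an LSP with Remaining Lifetime set to zero is caught by the TLV restriction even though its authentication TLV still verifies. The function names, the `verify_auth` hook (standing in for the router's real CRYPTO_AUTH digest check) and the sample bytes are assumptions constructed for illustration.

```python
import hmac

AUTH_TLV = 10  # IS-IS Authentication Information TLV code

def parse_tlvs(data: bytes):
    """Split an LSP's variable-length part into (code, value) pairs."""
    tlvs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("TLV length runs past end of PDU")
        tlvs.append((code, value))
        i += 2 + length
    return tlvs

def check_purge(remaining_lifetime, tlv_bytes, verify_auth):
    """Apply the proposed purge rules. verify_auth(value) -> bool is a
    hypothetical hook for the implementation's real digest verification."""
    if remaining_lifetime != 0:
        return "not-a-purge"  # normal LSP processing applies
    try:
        tlvs = parse_tlvs(tlv_bytes)
    except ValueError as exc:
        return f"reject: malformed ({exc})"
    auth = [v for c, v in tlvs if c == AUTH_TLV]
    if not auth:
        return "reject: unauthenticated purge"
    if any(c != AUTH_TLV for c, _ in tlvs):
        return "reject: purge carries non-authentication TLVs"
    if not all(verify_auth(v) for v in auth):
        return "reject: authentication failed"
    return "accept"

# Constructed sample data (not captured traffic); the digest bytes are dummies.
GOOD_AUTH = bytes.fromhex("030001") + b"\xaa" * 4

def demo_verify(value):  # stand-in for the real digest check
    return hmac.compare_digest(value, GOOD_AUTH)

def tlv(code, value):
    return bytes([code, len(value)]) + value

# The case from the erratum: an LSP body kept intact and flooded with the
# lifetime zeroed. Its authentication TLV is unchanged, so only the TLV rule stops it.
REPLAYED = tlv(1, b"\x03\x49\x00\x01") + tlv(AUTH_TLV, GOOD_AUTH)
PURGE = tlv(AUTH_TLV, GOOD_AUTH)  # body removed, authentication TLV only
```
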