'Re: [TLS] [Technical Errata Reported] RFC5054 (4546)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ietf-tls
Subject:    Re: [TLS] [Technical Errata Reported] RFC5054 (4546)
From:       Nikos Mavrogiannopoulos <nmav () gnutls ! org>
Date:       2016-01-18 9:26:03
Message-ID: CAJU7za+c1FH9FeO+q-PcGSoZV0i1XALuuZVaCA4BEE_-MMZ9iw () mail ! gmail ! com
[Download RAW message or body]

Hi,
 I find the reported errata reasonable.

On Sun, Jan 17, 2016 at 7:53 PM, Rick van Rein <rick@openfortress.nl> wrote:
> Hello,
>
> Could I bring this erratum reported in November to your attention once
> more?  I think it calls for correction.
>
> Thanks,
>  -Rick
>> RFC Errata System <mailto:rfc-editor@rfc-editor.org>
>> 30 November 2015 at 17:02
>> The following errata report has been submitted for RFC5054,
>> "Using the Secure Remote Password (SRP) Protocol for TLS Authentication".
>>
>> --------------------------------------
>> You may review the report below and at:
>> http://www.rfc-editor.org/errata_search.php?rfc=5054&eid=4546
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: Rick van Rein <rick@openfortress.nl>
>>
>> Section: 2.6
>>
>> Original Text
>> -------------
>> B = k*v + g^b % N
>>
>> Corrected Text
>> --------------
>> B = ( k*v + g^b ) % N
>>
>> Notes
>> -----
>> The customary binding is that + has lower priority than % and so the
>> default reading of the expression would be
>> B = k*v + ( g^b % N )
>> That is inconsistent with the existence of PAD(B) and the size of B in
>> the test vectors, so the context hints at proper brackets, but this
>> may still lead to implementation errors (of which I actually ran into
>> an example).
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party (IESG)
>> can log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC5054 (draft-ietf-tls-srp-14)
>> --------------------------------------
>> Title : Using the Secure Remote Password (SRP) Protocol for TLS
>> Authentication
>> Publication Date : November 2007
>> Author(s) : D. Taylor, T. Wu, N. Mavrogiannopoulos, T. Perrin
>> Category : INFORMATIONAL
>> Source : Transport Layer Security
>> Area : Security
>> Stream : IETF
>> Verifying Party : IESG
>>


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic