[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ietf-tls
Subject:    [TLS] [Errata Verified] RFC8446 (5483)
From:       RFC Errata System <rfc-editor () rfc-editor ! org>
Date:       2024-03-29 0:57:07
Message-ID: 20240329005707.DC347191A4B4 () rfcpa ! amsl ! com
[Download RAW message or body]

The following errata report has been verified for RFC8446,
"The Transport Layer Security (TLS) Protocol Version 1.3". 

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid5483

--------------------------------------
Status: Verified
Type: Technical

Reported by: Patrick Kelsey <pat.kelsey@notforadio.com>
Date Reported: 2018-08-28
Verified by: Paul Wouters (IESG)

Section: 4.2.8.2

Original Text
-------------
For X25519 and X448, the contents of the public value are the byte
string inputs and outputs of the corresponding functions defined in
[RFC7748]: 32 bytes for X25519 and 56 bytes for X448.

Corrected Text
--------------
For X25519 and X448, the contents of the public value are the byte
string outputs of the corresponding functions defined in [RFC7748]: 32
bytes for X25519 and 56 bytes for X448.

Notes
-----
Per Section 7.4.2 of this RFC and Section 6 of RFC7748, the byte string inputs to the \
corresponding ECDH scalar multiplication function are the private key and the \
u-coordinate of the standard public base point, the former of which of course must \
not be transmitted and the latter of which is a known constant.

Paul Wouters (AD): Resolved but with the following Corrected Text:

For X25519 and X448, the contents of the public value is the K_A or
K_B value described in Section 6 of [RFC7748].  This is 32 bytes for
X25519 and 56 bytes for X448.

> From another perspective, including the byte string inputs in the contents of the \
> public value would contradict the resulting content sizes given at the end of the \
> cited paragraph as well as the statement in Section 7.4.2 that the public key put \
> into the KeyShareEntry is the output of ECDH scalar multiplication function.

--------------------------------------
RFC8446 (draft-ietf-tls-tls13-28)
--------------------------------------
Title               : The Transport Layer Security (TLS) Protocol Version 1.3
Publication Date    : August 2018
Author(s)           : E. Rescorla
Category            : PROPOSED STANDARD
Source              : Transport Layer Security
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic