[AVTCORE] [Errata Verified] RFC7714 (4938)

RFC Errata System <rfc-editor@rfc-editor.org> Wed, 08 November 2023 08:41 UTC

To: paulej@packetizer.com, mcgrew@cisco.com, mythicalkevin@yahoo.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: superuser@gmail.com, iesg@ietf.org, avt@ietf.org, iana@iana.org, rfc-editor@rfc-editor.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/tUCHXYY98Mo6Vj2EVrXD-JQ_AS0>

The following errata report has been verified for RFC7714,
"AES-GCM Authenticated Encryption in the Secure Real-time Transport Protocol (SRTP)". 

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid4938

--------------------------------------
Status: Verified
Type: Technical

Reported by: Paul E. Jones <paulej@packetizer.com>
Date Reported: 2017-02-16
Verified by: Murray Kucherawy (IESG)

Section: 11

Original Text
-------------
A Key Derivation Function (KDF) is used to derive all of the required
encryption and authentication keys from a secret value shared by the
endpoints.  The AEAD_AES_128_GCM algorithm MUST use the (128-bit)
AES_CM PRF KDF described in [RFC3711].  AEAD_AES_256_GCM MUST use the
AES_256_CM_PRF KDF described in [RFC6188].

Corrected Text
--------------
A Key Derivation Function (KDF) is used to derive all of the required
encryption and authentication keys from a secret value shared by the
endpoints.  The AEAD_AES_128_GCM algorithm MUST use the (128-bit)
AES_CM PRF KDF described in [RFC3711].  AEAD_AES_256_GCM MUST use the
AES_256_CM_PRF KDF described in [RFC6188].  Since the KDF functions in
those RFCs assume as input a 112-bit master salt, the 96-bit master
salt specified in this document must be multiplied by 2^16 to form the
112-bit salt used as the master salt in those key derivation functions.

Notes
-----
The salt specified in RFC 7714 is 96 bits in length, but intended for use in KDF functions defined in RFC 3711.  This led to different interpretations when implementing this RFC.  A more complete description was presented on the avtcore mailing list (https://mailarchive.ietf.org/arch/msg/avt/IRfLuNKglD3qhqwSz3v3t0CG6fA) and, after some dialog, there seemed to be agreement to adopt the approach most widely implemented (https://mailarchive.ietf.org/arch/msg/avt/-C1cIWQXpyzS2KfBjGR6B2kK92w).  This suggested text is intended to reflect that agreement.  In effect, 16 zero bits are padded to the right of the salt value defined in RFC 7714 (creating a 112 bit salt value) before it is used as described in the KDF functions defined in RFC 3711 that require a 112 bit salt value.

--------------------------------------
RFC7714 (draft-ietf-avtcore-srtp-aes-gcm-17)
--------------------------------------
Title               : AES-GCM Authenticated Encryption in the Secure Real-time Transport Protocol (SRTP)
Publication Date    : December 2015
Author(s)           : D. McGrew, K. Igoe
Category            : PROPOSED STANDARD
Source              : Audio/Video Transport Core Maintenance
Area                : Applications and Real-Time
Stream              : IETF
Verifying Party     : IESG
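
The salt handling in the corrected Section 11 text, as an added Go example that is not part of the erratum, RFC 7714, or any SRTP library: it pads the 96-bit master salt on the right, runs the RFC 3711 AES-CM PRF, and shows that left-padding derives a different session key. The function names, the constructed key and salt bytes, and a key derivation rate of 0 are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

const (
	LabelEncryption byte = 0x00 // labels from RFC 3711, section 4.3.1
	LabelSalt       byte = 0x02
)

// PadSalt applies erratum 4938: salt96 * 2^16, i.e. 16 zero bits appended
// on the right of the 96-bit master salt, giving the 112-bit KDF salt.
func PadSalt(salt96 []byte) ([]byte, error) {
	if len(salt96) != 12 {
		return nil, fmt.Errorf("master salt must be 12 bytes, got %d", len(salt96))
	}
	return append(append([]byte{}, salt96...), 0, 0), nil
}

// LeftPadSalt is the other reading (zero bits on the left); it does not interoperate.
func LeftPadSalt(salt96 []byte) []byte { return append([]byte{0, 0}, salt96...) }

// Derive is the AES-CM PRF of RFC 3711 with key derivation rate 0 (assumed).
// A 32-byte master key selects the AES-256 variant of RFC 6188.
func Derive(masterKey, salt112 []byte, label byte, n int) ([]byte, error) {
	block, err := aes.NewCipher(masterKey)
	if err != nil || len(salt112) != 14 {
		return nil, fmt.Errorf("bad master key or salt length (cipher error: %v)", err)
	}
	iv := make([]byte, 16) // x * 2^16: 14 bytes of x, then a 16-bit block counter
	copy(iv, salt112)
	iv[7] ^= label // key_id = label || r (r = 0) is right-aligned with the salt
	out := make([]byte, n)
	cipher.NewCTR(block, iv).XORKeyStream(out, out)
	return out, nil
}

func main() {
	key := []byte("constructed-key!") // constructed 16-byte master key
	salt := []byte("constructed!")    // constructed 96-bit master salt
	s, _ := PadSalt(salt)
	good, _ := Derive(key, s, LabelEncryption, 16)
	bad, _ := Derive(key, LeftPadSalt(salt), LabelEncryption, 16)
	fmt.Printf("right-padded: %x\nleft-padded:  %x\nequal: %v\n", good, bad, bytes.Equal(good, bad))
}
```

Two endpoints that disagree on the padding direction derive different session keys from the same master key and salt, so every packet fails GCM authentication at the receiver.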