[CFRG] [Errata Held for Document Update] RFC8391 (8424)
RFC Errata System <rfc-editor@rfc-editor.org> Wed, 28 January 2026 19:45 UTC
To: amaloz@galois.com, ietf@huelsing.net, dbutin@cdc.informatik.tu-darmstadt.de, ietf@gazdag.de, ietf@joostrijneveld.nl, mohaisen@ieee.org
From: RFC Errata System <rfc-editor@rfc-editor.org>
Date: Wed, 28 Jan 2026 11:45:12 -0800
CC: irsg@irtf.org, cfrg@irtf.org, rfc-editor@rfc-editor.org
Subject: [CFRG] [Errata Held for Document Update] RFC8391 (8424)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/W6JPh2CileTNb0yVKalBJaZkszQ>
The following errata report has been held for document update for RFC8391, "XMSS: eXtended Merkle Signature Scheme".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid8424

--------------------------------------
Status: Held for Document Update
Type: Technical

Reported by: Alex J Malozemoff <amaloz@galois.com>
Date Reported: 2025-05-19
Held by: Nick Sullivan (IRSG)

Section: 4.1.3

Original Text
-------------
An XMSS private key SK contains 2^h WOTS+ private keys, ...

Corrected Text
--------------
An XMSS private key SK contains an algorithm OID, 2^h WOTS+ private keys, ...

Notes
-----
Section 4.1.3 makes no mention of an OID; however, the reference spec includes one with the following comment: "For an implementation that uses runtime parameters, it is crucial that the OID is part of the secret key as well; i.e. not just for interoperability, but also for internal use." This would suggest that an OID should be included as part of the private key in Section 4.1.3.

--VERIFIER NOTES--
The erratum correctly notes that Section 4.1.3 omits OID from the private key while Section 4.1.7 includes it in the public key. However, RFC authors expressed concern that adding OID would break existing implementations. Huelsing called it "undecided" and Gazdag said it's "not a MUST kind of default":
https://mailarchive.ietf.org/arch/msg/cfrg/mE9Ll7bC3I5YXKw7-NgW9QGkYJo/
https://mailarchive.ietf.org/arch/msg/cfrg/ccsjAtPz_IPUO1N3BkPSyng9WOw/

--------------------------------------
RFC8391 (draft-irtf-cfrg-xmss-hash-based-signatures-12)
--------------------------------------
Title               : XMSS: eXtended Merkle Signature Scheme
Publication Date    : May 2018
Author(s)           : A. Huelsing, D. Butin, S. Gazdag, J. Rijneveld, A. Mohaisen
Category            : INFORMATIONAL
Source              : Crypto Forum Research Group
Stream              : IRTF
Verifying Party     : IRSG
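As an added illustration of the point the report makes (this is example code written for this page, not code from RFC 8391, the reference implementation, or anyone on this thread), the Python below shows why an implementation that selects parameters at runtime wants the OID inside the private key and not only in the public key: two private keys generated for parameter sets with the same n and h serialize to byte-identical blobs once the OID is dropped, so a signer loading such a blob cannot tell which hash function it was generated for, whereas an OID-prefixed blob carries that information and can also be checked against the parameter set the caller expects. The key layout (OID || idx || SK_SEED || SK_PRF || SEED || root), the two-entry parameter table and the OID values in it are assumptions made for the illustration; the authoritative OID table and parameter-set names are in RFC 8391, Section 5.3.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

# Illustrative parameter table (placeholder entries, not the authoritative list):
# look up the real OID values and names in RFC 8391, Section 5.3.
# Each entry: OID -> (name, n = hash output length in bytes, h = tree height).
PARAMS = {
    0x00000001: ("XMSS-SHA2_10_256", 32, 10),
    0x00000007: ("XMSS-SHAKE_10_256", 32, 10),
}


@dataclass(frozen=True)
class XmssPrivateKey:
    oid: int         # parameter-set identifier; selects n, h and the hash function
    idx: int         # index of the next unused WOTS+ key; must stay below 2^h
    sk_seed: bytes   # seed from which the 2^h WOTS+ private keys are derived
    sk_prf: bytes    # key for the message-randomisation PRF
    pub_seed: bytes  # public seed SEED (also part of the public key)
    root: bytes      # Merkle tree root (also part of the public key)


def serialize_sk(sk: XmssPrivateKey, with_oid: bool = True) -> bytes:
    """Assumed layout for this example (RFC 8391 Section 4.1.3 does not fix one):
    [OID(4)] || idx(4) || SK_SEED(n) || SK_PRF(n) || SEED(n) || root(n)."""
    name, n, h = PARAMS[sk.oid]
    for field in (sk.sk_seed, sk.sk_prf, sk.pub_seed, sk.root):
        if len(field) != n:
            raise ValueError(f"{name}: every n-byte field must be {n} bytes")
    if not 0 <= sk.idx < 2 ** h:
        raise ValueError("idx out of range for tree height")
    body = struct.pack(">I", sk.idx) + sk.sk_seed + sk.sk_prf + sk.pub_seed + sk.root
    return (struct.pack(">I", sk.oid) if with_oid else b"") + body


def parse_sk(blob: bytes, expected_oid: Optional[int] = None) -> XmssPrivateKey:
    """Parse an OID-prefixed private key. The OID fixes n and h (and so the hash
    function), so nothing has to be guessed from the blob length, and the caller
    can insist that the key belongs to the parameter set it is configured for."""
    if len(blob) < 8:
        raise ValueError("truncated key")
    (oid,) = struct.unpack(">I", blob[:4])
    if oid not in PARAMS:
        raise ValueError(f"unknown parameter set OID {oid:#010x}")
    if expected_oid is not None and oid != expected_oid:
        raise ValueError("key was generated for a different parameter set")
    name, n, h = PARAMS[oid]
    if len(blob) != 8 + 4 * n:
        raise ValueError(f"{name}: expected {8 + 4 * n} bytes, got {len(blob)}")
    (idx,) = struct.unpack(">I", blob[4:8])
    if idx >= 2 ** h:
        raise ValueError("idx out of range: key exhausted or corrupted")
    fields = [blob[8 + i * n: 8 + (i + 1) * n] for i in range(4)]
    return XmssPrivateKey(oid, idx, *fields)


def candidate_parameter_sets(blob_without_oid: bytes) -> List[str]:
    """Without an OID the blob length only narrows the choice: every parameter set
    with the same n matches, and the signer cannot know which hash function to use."""
    return [name for name, n, h in PARAMS.values() if len(blob_without_oid) == 4 + 4 * n]


if __name__ == "__main__":
    # Constructed seeds; a real key generator draws these from a CSPRNG.
    seeds = (bytes(32), b"\x01" * 32, b"\x02" * 32, b"\x03" * 32)
    sha2_key = XmssPrivateKey(0x00000001, 5, *seeds)
    shake_key = XmssPrivateKey(0x00000007, 5, *seeds)
    stripped = serialize_sk(sha2_key, with_oid=False)
    print("identical without OID:", stripped == serialize_sk(shake_key, with_oid=False))
    print("candidates without OID:", candidate_parameter_sets(stripped))
    print("parsed with OID:", PARAMS[parse_sk(serialize_sk(shake_key)).oid][0])
```

The `expected_oid` check is the "internal use" half of the reference implementation's comment: a signer built for one parameter set refuses a key generated for another instead of silently hashing with the wrong function, and a loader that finds no OID at all has only the blob length to go on.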