[CFRG] [Technical Errata Reported] RFC9180 (7933)

RFC Errata System <rfc-editor@rfc-editor.org> Sun, 12 May 2024 07:36 UTC

Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA70AC14CF09; Sun, 12 May 2024 00:36:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.648
X-Spam-Level:
X-Spam-Status: No, score=-6.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WYswWeBSwdxR; Sun, 12 May 2024 00:36:10 -0700 (PDT)
Received: from rfcpa.amsl.com (rfcpa.amsl.com [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41EF5C14F5E2; Sun, 12 May 2024 00:36:10 -0700 (PDT)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 08BF8B3B07; Sun, 12 May 2024 00:36:10 -0700 (PDT)
To: rlb@ipv.sx, karthikeyan.bhargavan@inria.fr, ietf@benjaminlipp.de, caw@heapingbits.net, irsg@irtf.org, cfrg@irtf.org
From: RFC Errata System <rfc-editor@rfc-editor.org>
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20240512073610.08BF8B3B07@rfcpa.amsl.com>
Date: Sun, 12 May 2024 00:36:10 -0700
Message-ID-Hash: UI3CAQS23ESNX4TJHS645TSB5XOHQ2V6
X-Message-ID-Hash: UI3CAQS23ESNX4TJHS645TSB5XOHQ2V6
X-MailFrom: wwwrun@rfcpa.amsl.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: raul@guardedbox.com, rfc-editor@rfc-editor.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [CFRG] [Technical Errata Reported] RFC9180 (7933)
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/lASywlqlFH_gwmX-j_yTMLRUyhY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>

The following errata report has been submitted for RFC9180,
"Hybrid Public Key Encryption".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7933

--------------------------------------
Type: Technical
Reported by: Raul Siles <raul@guardedbox.com>

Section: 5.1

Original Text
-------------
[In Section 5.1 the return value of KeySchedule<ROLE> reflects:]

return Context<ROLE>(key, base_nonce, 0, exporter_secret)

The ROLE template parameter is either S or R, depending on the role 
of sender or recipient, respectively. See Section 5.2 for a discussion 
of the key schedule output, including the role-specific Context 
structure and its API.


Corrected Text
--------------
[In Section 5.1 the return value of KeySchedule<ROLE> reflects:]

return Context<ROLE>(key, base_nonce, 0, exporter_secret)

The ROLE template parameter is either S or R, depending on the role 
of sender or recipient, respectively. The third field in the 
Context<ROLE> refers to the sequence number, that is initialised with 
a 0 value. See Section 5.2 for a discussion of the key schedule output,
including the role-specific Context structure and its API, and the 
usage of the sequence number.


Notes
-----
In Section 5.1 the return value of KeySchedule<ROLE> reflects:

return Context<ROLE>(key, base_nonce, 0, exporter_secret)

I'm assuming the "0" value (in the third field of the Context<ROLE>) refers to the sequence number, with an initialisation value of 0, that is mentioned in Section 5.2, but the RFCs does not include details about the meaning of this third field and value.

I suggest to clarify in section 5.1 the meaning of that 0 value and field, and add a reference to section 5.2 with all the details about the sequence number.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it 
will be removed shortly by the RFC Production Center.) Please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC9180 (draft-irtf-cfrg-hpke-12)
--------------------------------------
Title               : Hybrid Public Key Encryption
Publication Date    : February 2022
Author(s)           : R. Barnes, K. Bhargavan, B. Lipp, C. Wood
Category            : INFORMATIONAL
Source              : Crypto Forum Research Group
Stream              : IRTF
Verifying Party     : IRSG