IETF Logo Mail Archive

Re: [Technical Errata Reported] RFC9001 (7785)

Martin Duke <martin.h.duke@gmail.com> Fri, 26 January 2024 19:16 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74AD7C14F705 for <quic@ietfa.amsl.com>; Fri, 26 Jan 2024 11:16:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jUf-byPyTta1 for <quic@ietfa.amsl.com>; Fri, 26 Jan 2024 11:16:11 -0800 (PST)
Received: from mail-vk1-xa35.google.com (mail-vk1-xa35.google.com [IPv6:2607:f8b0:4864:20::a35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D569C14F61E for <quic@ietf.org>; Fri, 26 Jan 2024 11:16:11 -0800 (PST)
Received: by mail-vk1-xa35.google.com with SMTP id 71dfb90a1353d-4b739b49349so134285e0c.1 for <quic@ietf.org>; Fri, 26 Jan 2024 11:16:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1706296570; x=1706901370; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=FRtYrFWHY3/LhSkkQtOMbfnTFclwCk4KZtolvlMAUxc=; b=INEaEYQCA5q/xVK8QMu3kRWb1xK88XSc5UWR56jYbNjXMBGU9Uvkrag/ht227tmmOO 1Pw+0N5pRGssu8LHeVZV5Dl62Q3X7M5qUD3KdFiOn9zTmb4yWixFYWAfqeh+Ver2/c78 Gh7dsMa8bcB2ZYRr853de9MY39s+7lQlLfy3BKHqx7MP0nsIhWZm7K2h+e1dhGsiJPnA IBQ6rYTPbls1YZ58kaU8kbn3JjKvseGw4HdsItUtEFPhZWMTXA5/I6F4tyDODFD0j/MB mgDTgJ0k+hXdR74p7I3UM8c7P6o+0BapDnlfYk5hbKF1cCVIh5RKGzZlfa/XIRMflPKZ MoIw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706296570; x=1706901370; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=FRtYrFWHY3/LhSkkQtOMbfnTFclwCk4KZtolvlMAUxc=; b=BvZ/FddOALTX/ia2AzZRCfWkWy3ueKULrkhoBBXDzny59RBnet4CddudhNXTEB/0iz ygOKHH3aWwZlLU02PmIVaEk5F8NXM7vYQUzIZmbPV8sPeulaxGajCbFePvsDjd6hRXWI z1T6Eo8pyz71Aso46Z0ytvhbwu+cZQy8qo/gfD7WDqrZkEXVm4M0/GG6A28whvotUVWC qdl8B6QZHNvHM0CqQLD3n8W3c+hUbTDEky4oztDa8nUqKvcpYngLXdTVu+seHwIsZs7J 2f81TS8C7H5ONTdUFofw6nokfwhhv+Tq3y3sk1HUyekOxDYdPx5fAXodJw8TV6aVZXuc 81MA==
X-Gm-Message-State: AOJu0YyzpQt8Dc4lyqHz6+vwLG9QkVTJp2NcCeD4OyMYHR2l4YYzhKg4 RG1QtQ74AtAPsi8RCClckzI5qhM63fgq8hQR7M4YUxvQgnQd+WQjmvCQDt1Pv1N++cXBV0Zt2YF SYUAttT6Z+Hm9v9Z4btCfzCKN32051BVz
X-Google-Smtp-Source: AGHT+IH+uhf7PIhC5KAVbJ1JS8g4LlWe+t17ROvp95IFPs7SziAvsOYjCmBhIOhwcuaFkTOYPPTYmZksPN9R30R/Pxo=
X-Received: by 2002:a05:6122:30a5:b0:4bd:b44c:24c1 with SMTP id cd37-20020a05612230a500b004bdb44c24c1mr312526vkb.11.1706296570329; Fri, 26 Jan 2024 11:16:10 -0800 (PST)
MIME-Version: 1.0
References: <20240126184827.CEAB83E8A8@rfcpa.amsl.com>
In-Reply-To: <20240126184827.CEAB83E8A8@rfcpa.amsl.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Fri, 26 Jan 2024 11:15:57 -0800
Message-ID: <CAM4esxQ38JVxsnxm-25c8adPTuToOOHaTJsdVmM572yCDoVbeQ@mail.gmail.com>
Subject: Re: [Technical Errata Reported] RFC9001 (7785)
To: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: mt@lowentropy.net, sean@sn3rd.com, zahed.sarker.ietf@gmail.com, matt.joras@gmail.com, lucas@lucaspardue.com, tpearson@tenable.com, quic@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f4c52d060fde20d5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/HqinjgAoYy-3Xn0GQ_gMsLl_zMs>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jan 2024 19:16:15 -0000

This erratum is incorrect and should be rejected. The full packet number is
62 bits, although it is never expressed as such in the packet number field
of the header.

On Fri, Jan 26, 2024 at 10:48 AM RFC Errata System <
rfc-editor@rfc-editor.org> wrote:

> The following errata report has been submitted for RFC9001,
> "Using TLS to Secure QUIC".
>
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7785
>
> --------------------------------------
> Type: Technical
> Reported by: Tom Pearson <tpearson@tenable.com>
>
> Section: 5.3
>
> Original Text
> -------------
> The key and IV for the packet are computed as described in
> Section 5.1.  The nonce, N, is formed by combining the packet
> protection IV with the packet number.  The 62 bits of the
> reconstructed QUIC packet number in network byte order are left-
> padded with zeros to the size of the IV.  The exclusive OR of the
> padded packet number and the IV forms the AEAD nonce.
>
> Corrected Text
> --------------
> The key and IV for the packet are computed as described in
> Section 5.1.  The nonce, N, is formed by combining the packet
> protection IV with the packet number.  The 32 bits of the
> reconstructed QUIC packet number in network byte order are left-
> padded with zeros to the size of the IV.  The exclusive OR of the
> padded packet number and the IV forms the AEAD nonce.
>
> Notes
> -----
> Given the description of packet number reconstruction in RFC9000 section
> 17.1 and the example in RFC9000 Appendix A3, the length of reconstructed
> packet number should be 32 bits, not 62 bits.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". (If it is spam, it
> will be removed shortly by the RFC Production Center.) Please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> will log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC9001 (draft-ietf-quic-tls-34)
> --------------------------------------
> Title               : Using TLS to Secure QUIC
> Publication Date    : May 2021
> Author(s)           : M. Thomson, Ed., S. Turner, Ed.
> Category            : PROPOSED STANDARD
> Source              : QUIC
> Area                : Transport
> Stream              : IETF
> Verifying Party     : IESG
>

v2.23.0 | Report a Bug | By Email