Re: [smime] [Technical Errata Reported] RFC2631 (5954)

Benjamin Kaduk <kaduk@mit.edu> Wed, 08 January 2020 03:37 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: smime@ietfa.amsl.com
Delivered-To: smime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F44C120041 for <smime@ietfa.amsl.com>; Tue, 7 Jan 2020 19:37:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6QgXlo0IRBYg for <smime@ietfa.amsl.com>; Tue, 7 Jan 2020 19:36:58 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1532A12002E for <smime@ietf.org>; Tue, 7 Jan 2020 19:36:57 -0800 (PST)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 0083ajjK031140 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 7 Jan 2020 22:36:47 -0500
Date: Tue, 7 Jan 2020 19:36:45 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: smime@ietf.org
Cc: ekr@rtfm.com, rdd@cert.org, paul.hoffman@vpnc.org, blaker@gmail.com, silversplash@gmx.com
Message-ID: <20200108033645.GA57294@kduck.mit.edu>
References: <20200102204220.C652DF40707@rfc-editor.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20200102204220.C652DF40707@rfc-editor.org>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/smime/RaSRbghG0490ZPKANlWD9X7AMqM>
Subject: Re: [smime] [Technical Errata Reported] RFC2631 (5954)
X-BeenThere: smime@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SMIME Working Group <smime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/smime>, <mailto:smime-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/smime/>
List-Post: <mailto:smime@ietf.org>
List-Help: <mailto:smime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/smime>, <mailto:smime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jan 2020 03:37:01 -0000

I could maybe see making this Hold For Document Update, as it would
probably require some discussion, and it's hard to say that this was an
omission at the time of original publication.

-Ben

On Thu, Jan 02, 2020 at 12:42:20PM -0800, RFC Errata System wrote:
> The following errata report has been submitted for RFC2631,
> "Diffie-Hellman Key Agreement Method".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid5954
> 
> --------------------------------------
> Type: Technical
> Reported by: Paul Janson <silversplash@gmx.com>
> 
> Section: 2.1.5.
> 
> Original Text
> -------------
>      1. Verify that y lies within the interval [2,p-1]. If it does not,
>         the key is invalid.
>      2. Compute y^q mod p. If the result == 1, the key is valid.
>         Otherwise the key is invalid.
> 
> 
> Corrected Text
> --------------
>      1. Verify that y lies within the interval [2,p-1]. If it does not,
>         the key is invalid.
>      2. Compute y^q mod p. If the result == 1, the key is valid.
>         Otherwise the key is invalid.
> |    3. Verify that y does not match g.
> 
> 
> Notes
> -----
> Validating that (g == received y) needs to be an additional exclusion to the valid range [2,p-1]. If party 'a' accepts received public key 'yb' matching 'g', then ZZ matches  public key 'ya'. i.e. if yb = 2, then xb = 1, therefore ZZ = ya^1 = ya
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party  
> can log in to change the status and edit the report, if necessary. 
> 
> --------------------------------------
> RFC2631 (draft-ietf-smime-x942-07)
> --------------------------------------
> Title               : Diffie-Hellman Key Agreement Method
> Publication Date    : June 1999
> Author(s)           : E. Rescorla
> Category            : PROPOSED STANDARD
> Source              : S/MIME Mail Security
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG