[tcpm] [Technical Errata Reported] RFC5926 (5267)
RFC Errata System <rfc-editor@rfc-editor.org> Mon, 26 February 2018 19:02 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94CAB12D878 for <tcpm@ietfa.amsl.com>; Mon, 26 Feb 2018 11:02:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QXxw_m3NJx2p for <tcpm@ietfa.amsl.com>; Mon, 26 Feb 2018 11:02:18 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEAFC12D875 for <tcpm@ietf.org>; Mon, 26 Feb 2018 11:02:18 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id F3D43B80E1F; Mon, 26 Feb 2018 11:02:09 -0800 (PST)
To: gregory.ietf@gmail.com, ekr@rtfm.com, spencerdawkins.ietf@gmail.com, ietf@kuehlewind.net, michael.scharf@nokia.com, tuexen@fh-muenster.de, nishida@sfc.wide.ad.jp
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: bew@cisco.com, tcpm@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20180226190209.F3D43B80E1F@rfc-editor.org>
Date: Mon, 26 Feb 2018 11:02:09 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/igIq12xYtSxKFYAhYRNDc05ERLM>
X-Mailman-Approved-At: Tue, 27 Feb 2018 08:00:46 -0800
Subject: [tcpm] [Technical Errata Reported] RFC5926 (5267)
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2018 19:02:21 -0000
The following errata report has been submitted for RFC5926, "Cryptographic Algorithms for the TCP Authentication Option (TCP-AO)". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata/eid5267 -------------------------------------- Type: Technical Reported by: Brian Weis <bew@cisco.com> Section: 3.1.1 Original Text ------------- - Label: A binary string that clearly identifies the purpose of this KDF's derived keying material. For TCP-AO, we use the ASCII string "TCP-AO", where the last character is the capital letter "O", not to be confused with a zero. While this may seem like overkill in this specification since TCP-AO only describes one call to the KDF, it is included in order to comply with FIPS 140 certifications. Corrected Text -------------- - Label: A binary string that clearly identifies the purpose of this KDF's derived keying material. For TCP-AO, we use the ASCII string "TCP-AO", where the last character is the capital letter "O", not to be confused with a zero. The ASCII string is terminated with a null octet (0x00). While this may seem like overkill in this specification since TCP-AO only describes one call to the KDF, it is included in order to comply with FIPS 140 certifications. Notes ----- This section states that "Both of these KDFs are based on the iteration-mode KDFs specified in [NIST-SP800-108].", which is later clarified to be the "counter mode" KDF defined in that document. The definition of the "Label" input to the KDF in the original text is not clear. [NIST-SP800-108] specifies that a 0x00 octet should follow the Label. This 0x00 octet is important when the KDF does not have control over the Context given it, which is the case here -- RFC 5926 depends on the definition in RFC 5925. RFC 5925 currently declares two fixed-size inputs for the Context (See Figures 7 & 8 of RFC 5925), so the Context length differs. Also, RFC 5925 RFC could be updated over over time to include other Contexts that are variable sized. The risk of excluding 0x00 is enabling an attacker to choose a specially-crafted Context that violates the clean separation between the Label and Context arguments. Therefore, it is important to include the 0x00 octet for TCP-AO. I believe this 0x00 is implied in the specification of the string "TCP-AO", since conventionally many string definitions include a trailing 0x00 octet, The text should state that the 0x00 octet is present as part of the string. If this errata does not result in adding the 0x00 octet, then its omission needs to be justified. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC5926 (draft-ietf-tcpm-tcp-ao-crypto-03) -------------------------------------- Title : Cryptographic Algorithms for the TCP Authentication Option (TCP-AO) Publication Date : June 2010 Author(s) : G. Lebovitz, E. Rescorla Category : PROPOSED STANDARD Source : TCP Maintenance and Minor Extensions Area : Transport Stream : IETF Verifying Party : IESG
- [tcpm] [Technical Errata Reported] RFC5926 (5267) RFC Errata System
- Re: [tcpm] [Technical Errata Reported] RFC5926 (5… Joe Touch
- Re: [tcpm] [Technical Errata Reported] RFC5926 (5… Brian Weis (bew)
- Re: [tcpm] [Technical Errata Reported] RFC5926 (5… touch
- Re: [tcpm] [Technical Errata Reported] RFC5926 (5… Theodore V Faber
- Re: [tcpm] [Technical Errata Reported] RFC5926 (5… Joe Touch