[TLS] [Technical Errata Reported] RFC8879 (8738)

RFC Errata System <rfc-editor@rfc-editor.org> Wed, 04 February 2026 05:41 UTC

Return-Path: <wwwrun@rfcpa.rfc-editor.org>
X-Original-To: tls@ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from rfcpa.rfc-editor.org (unknown [167.172.21.234]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id EF7D0B192FEE; Tue, 3 Feb 2026 21:41:11 -0800 (PST)
Received: by rfcpa.rfc-editor.org (Postfix, from userid 461) id D0A8CC000CE0; Tue, 3 Feb 2026 21:41:11 -0800 (PST)
To: alessandro@cloudflare.com, vasilvv@google.com, debcooley1@gmail.com, paul.wouters@aiven.io, joe@salowey.net, sean+ietf@sn3rd.com, durumcrustulum@gmail.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20260204054111.D0A8CC000CE0@rfcpa.rfc-editor.org>
Date: Tue, 03 Feb 2026 21:41:11 -0800
Message-ID-Hash: GZW7KNJDBK5T67YW7MIWUQNJKJNSPJG3
X-Message-ID-Hash: GZW7KNJDBK5T67YW7MIWUQNJKJNSPJG3
X-MailFrom: wwwrun@rfcpa.rfc-editor.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: tls@ietf.org, rfc-editor@rfc-editor.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] [Technical Errata Reported] RFC8879 (8738)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/03hVr83igs5lonEKv2fosF7ay2E>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

The following errata report has been submitted for RFC8879,
"TLS Certificate Compression".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid8738

--------------------------------------
Type: Technical
Reported by: Kazu Yamamoto <kazu@iij.ad.jp>

Section: 5

Original Text
-------------
After decompression, the Certificate message MUST be processed as if
it were encoded without being compressed. This way, the parsing and
the verification have the same security properties as they would have
in TLS normally.

Corrected Text
--------------
After decompression, the Certificate message MUST be processed as if
it were encoded without being compressed, with the exception of the
handshake transcript. The CompressedCertificate message is hashed into
the handshake transcript (Section 4.4.3 of [RFC8446]) in place of a
Certificate message.


Notes
-----
The corrected text is suggested by Martin Thomson.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it 
will be removed shortly by the RFC Production Center.) Please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC8879 (draft-ietf-tls-certificate-compression-10)
--------------------------------------
Title               : TLS Certificate Compression
Publication Date    : December 2020
Author(s)           : A. Ghedini, V. Vasiliev
Category            : PROPOSED STANDARD
Source              : Transport Layer Security
Stream              : IETF
Verifying Party     : IESG