Re: [TLS] [Technical Errata Reported] RFC5054 (4546)
Rick van Rein <rick@openfortress.nl> Sun, 17 January 2016 18:53 UTC
Return-Path: <rick@openfortress.nl>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CB3F1B3080 for <tls@ietfa.amsl.com>; Sun, 17 Jan 2016 10:53:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.702
X-Spam-Level:
X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RvLN9jNYvvgR for <tls@ietfa.amsl.com>; Sun, 17 Jan 2016 10:53:57 -0800 (PST)
Received: from lb3-smtp-cloud6.xs4all.net (lb3-smtp-cloud6.xs4all.net [194.109.24.31]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA78A1B307F for <tls@ietf.org>; Sun, 17 Jan 2016 10:53:56 -0800 (PST)
Received: from airhead.local ([83.161.146.46]) by smtp-cloud6.xs4all.net with ESMTP id 76tq1s00K10HQrX016trYx; Sun, 17 Jan 2016 19:53:54 +0100
Message-ID: <569BE33D.7050709@openfortress.nl>
Date: Sun, 17 Jan 2016 19:53:49 +0100
From: Rick van Rein <rick@openfortress.nl>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: RFC Errata System <rfc-editor@rfc-editor.org>
References: <20151130160212.90398180013@rfc-editor.org>
In-Reply-To: <20151130160212.90398180013@rfc-editor.org>
X-Enigmail-Version: 1.2.3
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/5yg_FTCvvNn08r8tmi4uc03_SKY>
X-Mailman-Approved-At: Tue, 19 Jan 2016 13:31:17 -0800
Cc: dtaylor@gnutls.org, sean+ietf@sn3rd.com, Kathleen.Moriarty.ietf@gmail.com, tls@ietf.org, nmav@gnutls.org, thomwu@cisco.com
Subject: Re: [TLS] [Technical Errata Reported] RFC5054 (4546)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Jan 2016 18:53:59 -0000
Hello, Could I bring this erratum reported in November to your attention once more? I think it calls for correction. Thanks, -Rick > RFC Errata System <mailto:rfc-editor@rfc-editor.org> > 30 November 2015 at 17:02 > The following errata report has been submitted for RFC5054, > "Using the Secure Remote Password (SRP) Protocol for TLS Authentication". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=5054&eid=4546 > > -------------------------------------- > Type: Technical > Reported by: Rick van Rein <rick@openfortress.nl> > > Section: 2.6 > > Original Text > ------------- > B = k*v + g^b % N > > Corrected Text > -------------- > B = ( k*v + g^b ) % N > > Notes > ----- > The customary binding is that + has lower priority than % and so the > default reading of the expression would be > B = k*v + ( g^b % N ) > That is inconsistent with the existence of PAD(B) and the size of B in > the test vectors, so the context hints at proper brackets, but this > may still lead to implementation errors (of which I actually ran into > an example). > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC5054 (draft-ietf-tls-srp-14) > -------------------------------------- > Title : Using the Secure Remote Password (SRP) Protocol for TLS > Authentication > Publication Date : November 2007 > Author(s) : D. Taylor, T. Wu, N. Mavrogiannopoulos, T. Perrin > Category : INFORMATIONAL > Source : Transport Layer Security > Area : Security > Stream : IETF > Verifying Party : IESG >
- [TLS] [Technical Errata Reported] RFC5054 (4546) RFC Errata System
- Re: [TLS] [Technical Errata Reported] RFC5054 (45… Nikos Mavrogiannopoulos
- Re: [TLS] [Technical Errata Reported] RFC5054 (45… Rick van Rein