Re: [TLS] [Technical Errata Reported] RFC5054 (4546)

Rick van Rein <rick@openfortress.nl> Sun, 17 January 2016 18:53 UTC

Hello,

Could I bring this erratum reported in November to your attention once
more?  I think it calls for correction.

Thanks,
 -Rick
> RFC Errata System <mailto:rfc-editor@rfc-editor.org>
> 30 November 2015 at 17:02
> The following errata report has been submitted for RFC5054,
> "Using the Secure Remote Password (SRP) Protocol for TLS Authentication".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=5054&eid=4546
>
> --------------------------------------
> Type: Technical
> Reported by: Rick van Rein <rick@openfortress.nl>
>
> Section: 2.6
>
> Original Text
> -------------
> B = k*v + g^b % N
>
> Corrected Text
> --------------
> B = ( k*v + g^b ) % N
>
> Notes
> -----
> The customary binding is that + has lower priority than % and so the
> default reading of the expression would be
> B = k*v + ( g^b % N )
> That is inconsistent with the existence of PAD(B) and the size of B in
> the test vectors, so the context hints at proper brackets, but this
> may still lead to implementation errors (of which I actually ran into
> an example).
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC5054 (draft-ietf-tls-srp-14)
> --------------------------------------
> Title : Using the Secure Remote Password (SRP) Protocol for TLS
> Authentication
> Publication Date : November 2007
> Author(s) : D. Taylor, T. Wu, N. Mavrogiannopoulos, T. Perrin
> Category : INFORMATIONAL
> Source : Transport Layer Security
> Area : Security
> Stream : IETF
> Verifying Party : IESG
>
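
The two readings of the Section 2.6 formula side by side, as an added example that is not part of the original message or of RFC 5054. The modulus, generator, salt, password and server secret are constructed toy values, not an RFC 5054 group or test vector; the function names are hypothetical.

```python
import hashlib

# Constructed toy parameters, NOT an RFC 5054 group: small so the sizes are easy to read.
N = 2**127 - 1                      # a prime, 16 bytes long
g = 3
N_LEN = (N.bit_length() + 7) // 8

def pad(value: int) -> bytes:
    """PAD(): left-pad with zero bytes to the length of N; larger values cannot be padded."""
    if value < 0 or value.bit_length() > N_LEN * 8:
        raise ValueError("value does not fit in len(N) bytes")
    return value.to_bytes(N_LEN, "big")

def h_int(*parts: bytes) -> int:
    """SHA-1 over the concatenated parts, read as a big-endian integer."""
    return int.from_bytes(hashlib.sha1(b"".join(parts)).digest(), "big")

k = h_int(N.to_bytes(N_LEN, "big"), pad(g))          # k = SHA1(N | PAD(g))

def verifier(salt: bytes, user: bytes, password: bytes) -> int:
    """v = g^x % N with x = SHA1(s | SHA1(I | ":" | P))."""
    x = h_int(salt, hashlib.sha1(user + b":" + password).digest())
    return pow(g, x, N)

def server_b_corrected(v: int, b: int) -> int:
    """B = ( k*v + g^b ) % N, the erratum's corrected text."""
    return (k * v + pow(g, b, N)) % N

def server_b_misread(v: int, b: int) -> int:
    """B = k*v + ( g^b % N ), the default reading the erratum notes describe."""
    return k * v + pow(g, b, N)

def can_pad(value: int) -> bool:
    """True when PAD() can encode the value in len(N) bytes."""
    try:
        pad(value)
        return True
    except ValueError:
        return False

# Constructed sample inputs.
V = verifier(b"constructed-salt", b"alice", b"constructed-password")
B_PRIV = int.from_bytes(hashlib.sha256(b"constructed server secret b").digest(), "big")

if __name__ == "__main__":
    good, bad = server_b_corrected(V, B_PRIV), server_b_misread(V, B_PRIV)
    print("corrected:", good.bit_length(), "bits, PAD ok:", can_pad(good))
    print("misread:  ", bad.bit_length(), "bits, PAD ok:", can_pad(bad))
    print("congruent mod N:", bad % N == good)
```

Both readings are congruent modulo N, so the misreading shows up as a B that is longer than N and that PAD(B) cannot encode, which is the inconsistency the erratum notes point to.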