[TLS] [Editorial Errata Reported] RFC5054 (7538)

RFC Errata System <rfc-editor@rfc-editor.org> Wed, 07 June 2023 06:59 UTC

Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 3AB82C14CE4F for <tls@ietfa.amsl.com>; Tue, 6 Jun 2023 23:59:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.647
X-Spam-Status: No, score=-6.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id K_WQDXfoFRSQ for <tls@ietfa.amsl.com>; Tue, 6 Jun 2023 23:58:56 -0700 (PDT)
Received: from rfcpa.amsl.com (rfc-editor.org []) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A825AC14CE4D for <tls@ietf.org>; Tue, 6 Jun 2023 23:58:56 -0700 (PDT)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 4DDDA1EDCA24; Tue, 6 Jun 2023 23:58:56 -0700 (PDT)
To: rfc-editor@rfc-editor.org
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: arthur200126@gmail.com, dtaylor@gnutls.org, thomwu@cisco.com, nmav@gnutls.org, trevp@trevp.net, tls@ietf.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20230607065856.4DDDA1EDCA24@rfcpa.amsl.com>
Date: Tue, 06 Jun 2023 23:58:56 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/GZSj2ol2QNj4nvSNAgslscPbhT8>
Subject: [TLS] [Editorial Errata Reported] RFC5054 (7538)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jun 2023 06:59:01 -0000

The following errata report has been submitted for RFC5054,
"Using the Secure Remote Password (SRP) Protocol for TLS Authentication".

You may review the report below and at:

Type: Editorial
Reported by: Mingye Wang <arthur200126@gmail.com>

Section: 2.1

Original Text
 The version of SRP used here is sometimes referred to as "SRP-6"

Corrected Text
 The version of SRP used here is sometimes referred to as "SRP-6a"

 [SRP-6a]: Wu, T., "SRP Protocol Design", circa 2005, http://srp.stanford.edu/design.html

The protocol described uses a non-constant k, which is an innovation of SRP-6a -- never published formally in a technical report (until this RFC) and dating to ~2005 if we go by the libsrp version history. Actual [SRP-6] of 2002 uses a constant k = 3.

Reference to the [SRP-6] text is still valuable for rationale, but is not accurate. Confusion between these two versions is harmful and may impeded interoperability.

This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

RFC5054 (draft-ietf-tls-srp-14)
Title               : Using the Secure Remote Password (SRP) Protocol for TLS Authentication
Publication Date    : November 2007
Author(s)           : D. Taylor, T. Wu, N. Mavrogiannopoulos, T. Perrin
Category            : INFORMATIONAL
Source              : Transport Layer Security
Area                : Security
Stream              : IETF
Verifying Party     : IESG