Re: [TLS] [Editorial Errata Reported] RFC9257 (7643)
Chris Smiley <csmiley@amsl.com> Mon, 18 September 2023 22:52 UTC
Return-Path: <csmiley@amsl.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C4ABC1524BC for <tls@ietfa.amsl.com>; Mon, 18 Sep 2023 15:52:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.208
X-Spam-Level:
X-Spam-Status: No, score=-4.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l6Lfs0ZANMcd for <tls@ietfa.amsl.com>; Mon, 18 Sep 2023 15:52:13 -0700 (PDT)
Received: from c8a.amsl.com (c8a.amsl.com [4.31.198.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09DC7C1524DB for <tls@ietf.org>; Mon, 18 Sep 2023 15:52:13 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by c8a.amsl.com (Postfix) with ESMTP id E4859424B446; Mon, 18 Sep 2023 15:52:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from c8a.amsl.com ([127.0.0.1]) by localhost (c8a.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pIEAZkCvzD3z; Mon, 18 Sep 2023 15:52:12 -0700 (PDT)
Received: from smtpclient.apple (cpe-76-95-228-63.socal.res.rr.com [76.95.228.63]) by c8a.amsl.com (Postfix) with ESMTPSA id 8D91B424B443; Mon, 18 Sep 2023 15:52:12 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.500.231\))
From: Chris Smiley <csmiley@amsl.com>
In-Reply-To: <20230917132239.AD7287FDC1@rfcpa.amsl.com>
Date: Mon, 18 Sep 2023 15:52:01 -0700
Cc: hvn@radiatorsoftware.com, Russ Housley <housley@vigilsec.com>, jonathan.hoyland@gmail.com, mohit@iki.fi, Christopher Wood <caw@heapingbits.net>, tls@ietf.org, RFC Errata System <rfc-editor@rfc-editor.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <67B9AB4B-DDC5-4364-96E5-581381404A47@amsl.com>
References: <20230917132239.AD7287FDC1@rfcpa.amsl.com>
To: Paul Wouters <paul.wouters@aiven.io>
X-Mailer: Apple Mail (2.3731.500.231)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/H6HtG1GwbdaB0WEtct3XRBaf04I>
Subject: Re: [TLS] [Editorial Errata Reported] RFC9257 (7643)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Sep 2023 22:52:17 -0000
Hi Paul, We are unable to verify this erratum that the submitter marked as editorial. Please note that we have changed the “Type” of the following errata report to “Technical”. As Stream Approver, please review and set the Status and Type accordingly (see the definitions at https://www.rfc-editor.org/errata-definitions/). You may review the report at: https://www.rfc-editor.org/errata/eid7643 Please see https://www.rfc-editor.org/how-to-verify/ for further information on how to verify errata reports. Further information on errata can be found at: https://www.rfc-editor.org/errata.php. Thank you. RFC Editor/cs > On Sep 17, 2023, at 6:22 AM, RFC Errata System <rfc-editor@rfc-editor.org> wrote: > > The following errata report has been submitted for RFC9257, > "Guidance for External Pre-Shared Key (PSK) Usage in TLS". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid7643 > > -------------------------------------- > Type: Editorial > Reported by: Heikki Vatiainen <hvn@radiatorsoftware.com> > > Section: 6.1. Stack Interface > > Original Text > ------------- > * OpenSSL and BoringSSL: Applications can specify support for > external PSKs via distinct ciphersuites in TLS 1.2 and below. > Also, they can then configure callbacks that are invoked for PSK > selection during the handshake. These callbacks must provide a > PSK identity and key. The exact format of the callback depends on > the negotiated TLS protocol version, with new callback functions > added specifically to OpenSSL for TLS 1.3 [RFC8446] PSK support. > The PSK length is validated to be between 1-256 bytes (inclusive). > The PSK identity may be up to 128 bytes long. > > Corrected Text > -------------- > * OpenSSL and BoringSSL: Applications can specify support for > external PSKs via distinct ciphersuites in TLS 1.2 and below. > Also, they can then configure callbacks that are invoked for PSK > selection during the handshake. These callbacks must provide a > PSK identity and key. The exact format of the callback depends on > the negotiated TLS protocol version, with new callback functions > added specifically to OpenSSL for TLS 1.3 [RFC8446] PSK support. > The PSK length is validated to be between 1-256 bytes (inclusive). > The PSK identity may be up to 128 bytes long. OpenSSL 3.0 > increased PSK maximum length to 512 bytes and PSK identity maximum > length to 256 bytes to match existing implementations and > specifications. > > Notes > ----- > OpenSSL PSK length and PSK identity length were increased to 256 and 512 octets, respectively, for OpenSSL 3.0. There appear to be implementations and specifications that require these longer lengths. See here for more information: > https://github.com/openssl/openssl/pull/12777 > https://github.com/openssl/openssl/pull/12771 > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC9257 (draft-ietf-tls-external-psk-guidance-06) > -------------------------------------- > Title : Guidance for External Pre-Shared Key (PSK) Usage in TLS > Publication Date : July 2022 > Author(s) : R. Housley, J. Hoyland, M. Sethi, C. A. Wood > Category : INFORMATIONAL > Source : Transport Layer Security > Area : Security > Stream : IETF > Verifying Party : IESG >
- [TLS] [Editorial Errata Reported] RFC9257 (7643) RFC Errata System
- Re: [TLS] [Editorial Errata Reported] RFC9257 (76… Chris Smiley
- Re: [TLS] [Editorial Errata Reported] RFC9257 (76… Salz, Rich