[TLS] [Technical Errata Reported] RFC8448 (5645)
RFC Errata System <rfc-editor@rfc-editor.org> Thu, 28 February 2019 06:21 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0485E130DEC for <tls@ietfa.amsl.com>; Wed, 27 Feb 2019 22:21:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xl9_vvsQdOCV for <tls@ietfa.amsl.com>; Wed, 27 Feb 2019 22:21:12 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46192129508 for <tls@ietf.org>; Wed, 27 Feb 2019 22:21:12 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id CEED9B81D2D; Wed, 27 Feb 2019 22:20:51 -0800 (PST)
To: martin.thomson@gmail.com, kaduk@mit.edu, ekr@rtfm.com, christopherwood07@gmail.com, joe@salowey.net, sean+ietf@sn3rd.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: Mai_Anthony@hotmail.com, tls@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20190228062051.CEED9B81D2D@rfc-editor.org>
Date: Wed, 27 Feb 2019 22:20:51 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HGQ4DiTXwc_AjYYGaHztPGWpyxQ>
Subject: [TLS] [Technical Errata Reported] RFC8448 (5645)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Feb 2019 06:21:14 -0000
The following errata report has been submitted for RFC8448, "Example Handshake Traces for TLS 1.3". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata/eid5645 -------------------------------------- Type: Technical Reported by: Anthony Mai <Mai_Anthony@hotmail.com> Section: 2 Original Text ------------- Ephemeral private keys are shown as they are generated in the traces. Corrected Text -------------- Ephemeral private keys are shown as they are generated in the traces. Note that X25519 private keys are trimmed in accordance to [RFC 7748] Section 5, before use. This is done by clearing bit 0 to 2 of the first byte and bit 7 of the last byte. And then set bit 6 of the last byte. Notes ----- On page 3,5,16,20,29,43,44,55,57, there are ten X25519 ephemeral private keys listed. None of these private key value, when used directly in X25519 calculation, will yield the associated public key listed. These private key values are not the actual values used. Instead up to 5 bits are modified as recommended by RFC 7748 section 5. Some implementations may choose NOT to do such trimming, and it does not affect the connectivity, as the private keys are never sent over the wire and does not affect network behavior. Not clarifying how the X25519 private keys were modified before using could cause serious confusion. I personally struggled for a day before figuring out this little obscure detail. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC8448 (draft-ietf-tls-tls13-vectors-07) -------------------------------------- Title : Example Handshake Traces for TLS 1.3 Publication Date : January 2019 Author(s) : M. Thomson Category : INFORMATIONAL Source : Transport Layer Security Area : Security Stream : IETF Verifying Party : IESG
- [TLS] [Technical Errata Reported] RFC8448 (5645) RFC Errata System
- Re: [TLS] [Technical Errata Reported] RFC8448 (56… Sean Turner