[TLS] [Errata Held for Document Update] RFC2712 (5432)
RFC Errata System <rfc-editor@rfc-editor.org> Fri, 12 January 2024 20:32 UTC
Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EEBFC14F5ED; Fri, 12 Jan 2024 12:32:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.658
X-Spam-Level:
X-Spam-Status: No, score=-6.658 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 62UNGqnKBdvx; Fri, 12 Jan 2024 12:32:14 -0800 (PST)
Received: from rfcpa.amsl.com (rfcpa.amsl.com [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87C8CC14F5FB; Fri, 12 Jan 2024 12:32:14 -0800 (PST)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 30D911B65DCE; Fri, 12 Jan 2024 12:32:14 -0800 (PST)
To: eugene.adell@gmail.com, amedvins@excitecorp.com, matt.hur@cybersafe.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: paul.wouters@aiven.io, iesg@ietf.org, tls@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20240112203214.30D911B65DCE@rfcpa.amsl.com>
Date: Fri, 12 Jan 2024 12:32:14 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/OEC5yLdE20SWF492NDdzx801m6w>
Subject: [TLS] [Errata Held for Document Update] RFC2712 (5432)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jan 2024 20:32:18 -0000
The following errata report has been held for document update for RFC2712, "Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5432 -------------------------------------- Status: Held for Document Update Type: Technical Reported by: Eugene Adell <eugene.adell@gmail.com> Date Reported: 2018-07-20 Held by: Paul Wouters (IESG) Section: Appendix Original Text ------------- Corrected Text -------------- Appendix RFC 2712 introduces new cipher suites values, starting with the cipher value { 0x00, 0x1E }. This cipher value was earlier known as a Fortezza cipher suite, and this could lead to a conflict. Notes ----- Errata 5409 was rejected and I was suggested to post another one at this place. RFC 2712 (Addition of Kerberos Cipher Suites to Transport Layer Security) in its Draft 01 version introduces new cipher suites values, among them three are colliding with the Fortezza cipher suites. The Draft 02 version partially corrects that, by shifting all of the Kerberos cipher suites values by two. This omission of the third Fortezza cipher suite has never been corrected, and this remains in the same state in the final RFC 2712. As a result, the cipher suite value { 0x00, 0x1E } is now officially known as a Kerberos one. Although not documented themselves by any RFC, the two non conflicting Fortezza cipher suites are mentioned in the same note in the TLS protocol RFC (2246, 4346, 5246). This gives an explanation on how the Kerberos cipher suite values were chosen. -------------------------------------- RFC2712 (draft-ietf-tls-kerb-cipher-suites-04) -------------------------------------- Title : Addition of Kerberos Cipher Suites to Transport Layer Security (TLS) Publication Date : October 1999 Author(s) : A. Medvinsky, M. Hur Category : PROPOSED STANDARD Source : Transport Layer Security Area : Security Stream : IETF Verifying Party : IESG
- [TLS] [Errata Held for Document Update] RFC2712 (… RFC Errata System