[TLS] [Technical Errata Reported] RFC8422 (8179)

RFC Errata System <rfc-editor@rfc-editor.org> Sat, 16 November 2024 12:03 UTC

To: ynir.ietf@gmail.com, simon@josefsson.org, mpg@elzevir.fr, debcooley1@gmail.com, paul.wouters@aiven.io, joe@salowey.net, sean+ietf@sn3rd.com, durumcrustulum@gmail.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Date: Sat, 16 Nov 2024 04:03:03 -0800
CC: 648936027@qq.com, tls@ietf.org, rfc-editor@rfc-editor.org
Subject: [TLS] [Technical Errata Reported] RFC8422 (8179)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WLfgMz2V8oGC1vBQyouol3OJQUY>

The following errata report has been submitted for RFC8422,
"Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid8179

--------------------------------------
Type: Technical
Reported by: warren.wang <648936027@qq.com>

Section: 5.4.  Server Key Exc

Original Text
-------------
   The ServerKeyExchange message is extended as follows.

           enum {
               ec_diffie_hellman
           } KeyExchangeAlgorithm;

   o  ec_diffie_hellman: Indicates the ServerKeyExchange message
      contains an ECDH public key.

      select (KeyExchangeAlgorithm) {
          case ec_diffie_hellman:
              ServerECDHParams    params;
              Signature           signed_params;
      } ServerKeyExchange;

.....................................................

        enum {
            ecdsa(3),
            ed25519(7)
            ed448(8)
        } SignatureAlgorithm;
        select (SignatureAlgorithm) {
           case ecdsa:
                digitally-signed struct {
                    opaque sha_hash[sha_size];
                };
           case ed25519,ed448:
                digitally-signed struct {
                    opaque rawdata[rawdata_size];
                };
        } Signature;
      ServerKeyExchange.signed_params.sha_hash
          SHA(ClientHello.random + ServerHello.random +
                                 ServerKeyExchange.params);
      ServerKeyExchange.signed_params.rawdata
          ClientHello.random + ServerHello.random +
                                 ServerKeyExchange.params;

   NOTE: SignatureAlgorithm is "rsa" for the ECDHE_RSA key exchange
   algorithm and "anonymous" for ECDH_anon.  These cases are defined in
   TLS.  SignatureAlgorithm is "ecdsa" or "eddsa" for ECDHE_ECDSA.

Corrected Text
--------------
The extended ServerKeyExchange message seems to be just for TLS version 1.0 and version 1.1, not for 1.2, because the TLS version 1.2 ServerKeyExchange message format is different from that of versions 1.0 and 1.1. The following is the TLS version 1.2 ServerKeyExchange message format:

      struct {
          select (KeyExchangeAlgorithm) {
              case dh_anon:
                  ServerDHParams params;
              case dhe_dss:
              case dhe_rsa:
                  ServerDHParams params;
                  digitally-signed struct {
                      opaque client_random[32];
                      opaque server_random[32];
                      ServerDHParams params;
                  } signed_params;
              case rsa:
              case dh_dss:
              case dh_rsa:
                  struct {} ;
                 /* message is omitted for rsa, dh_dss, and dh_rsa */
              /* may be extended, e.g., for ECDH -- see [TLSECC] */
          };
      } ServerKeyExchange;

It does not specify the message format for ECDH_RSA and ECDH_anon, and the "NOTE" in the original text does not apply to TLS version 1.2, because it doesn't have the "Signature" field.

Notes
-----
The ServerKeyExchange for ECDH_RSA and ECDH_anon should be specified for TLS version 1.2.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it
will be removed shortly by the RFC Production Center.) Please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC8422 (draft-ietf-tls-rfc4492bis-17)
--------------------------------------
Title               : Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier
Publication Date    : August 2018
Author(s)           : Y. Nir, S. Josefsson, M. Pegourie-Gonnard
Category            : PROPOSED STANDARD
Source              : Transport Layer Security
Stream              : IETF
Verifying Party     : IESG
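Added example (editor's, not part of the erratum report or of RFC 8422): a small Python parser for the TLS 1.2 ECDHE ServerKeyExchange body that Section 5.4 describes, which also reconstructs the bytes a verifier must feed to the signature check under the two cases quoted above (ecdsa: sha_hash; ed25519/ed448: rawdata). It assumes TLS 1.2 framing (RFC 5246's 2-byte SignatureAndHashAlgorithm in front of the signature, which TLS 1.0/1.1 lack, the point the reporter raises) and uses constructed randoms and a dummy point; no signature is verified.

```python
import hashlib
import struct

NAMED_CURVE = 3        # ECCurveType.named_curve (RFC 8422 Section 5.4)
SECP256R1 = 23         # NamedCurve.secp256r1 (RFC 8422 Section 5.1.1)
ECDSA, ED25519, ED448 = 3, 7, 8        # SignatureAlgorithm values quoted in 5.4
HASHES = {4: "sha256", 5: "sha384", 6: "sha512"}   # TLS 1.2 HashAlgorithm codes

# Constructed sample input (not from the erratum): two randoms and a blob shaped
# like an uncompressed P-256 point (0x04 || 64 bytes), only to exercise the parser.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
FAKE_POINT = b"\x04" + bytes(range(64))

def build_server_ecdh_params(named_curve, point):
    """ServerECDHParams: curve_type(1) | namedcurve(2) | point<1..2^8-1>."""
    return bytes([NAMED_CURVE]) + struct.pack("!H", named_curve) + bytes([len(point)]) + point

def build_server_key_exchange(params, hash_alg, sig_alg, signature):
    """TLS 1.2 body: params | SignatureAndHashAlgorithm(2) | signature<0..2^16-1>."""
    return params + bytes([hash_alg, sig_alg]) + struct.pack("!H", len(signature)) + signature

def parse_server_key_exchange(body):
    """Return (named_curve, params, (hash_alg, sig_alg), signature); reject bad framing."""
    if len(body) < 4 or body[0] != NAMED_CURVE:
        raise ValueError("only ECCurveType named_curve is allowed (RFC 8422 5.4)")
    named_curve = struct.unpack("!H", body[1:3])[0]
    params_end = 4 + body[3]                     # 1 + 2 + 1 + point length
    if len(body) < params_end + 4:
        raise ValueError("truncated ServerKeyExchange")
    params = body[:params_end]
    hash_alg, sig_alg = body[params_end], body[params_end + 1]
    sig_len = struct.unpack("!H", body[params_end + 2:params_end + 4])[0]
    signature = body[params_end + 4:]
    if len(signature) != sig_len:                # also catches trailing bytes
        raise ValueError("signature length mismatch")
    return named_curve, params, (hash_alg, sig_alg), signature

def to_be_signed(client_random, server_random, params, hash_alg, sig_alg):
    """Verifier input per 5.4: ecdsa -> SHA(randoms + params) with the negotiated
    SHA; ed25519/ed448 -> the raw concatenation (hash_alg is intrinsic(8))."""
    data = client_random + server_random + params
    if sig_alg == ECDSA:
        return hashlib.new(HASHES[hash_alg], data).digest()
    if sig_alg in (ED25519, ED448):
        return data
    raise ValueError("unsupported SignatureAlgorithm %d" % sig_alg)
```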