Re: [TLS] [Errata Rejected] RFC7366 (4284)
Megan Ferguson <mferguson@amsl.com> Wed, 01 April 2015 16:42 UTC
To: RFC System <rfc-editor@rfc-editor.org>
Cc: tls@ietf.org, dottomi@gmail.com, IESG <iesg@ietf.org>
Greetings,

This erratum has been deleted as requested.

Thank you.

RFC Editor/mf

On Mar 30, 2015, at 7:06 PM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:

> The following errata report has been rejected for RFC7366,
> "Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=7366&eid=4284
>
> --------------------------------------
> Status: Rejected
> Type: Technical
>
> Reported by: Tomasz Sobczyk <dottomi@gmail.com>
> Date Reported: 2015-03-02
> Rejected by: Stephen Farrell (IESG)
>
> Section: 3
>
> Original Text
> -------------
> The overall TLS packet [2] is then:
>
> struct {
>     ContentType type;
>     ProtocolVersion version;
>     uint16 length;
>     GenericBlockCipher fragment;
>     opaque MAC;
> } TLSCiphertext;
>
> The equivalent DTLS packet [4] is then:
>
> struct {
>     ContentType type;
>     ProtocolVersion version;
>     uint16 epoch;
>     uint48 sequence_number;
>     uint16 length;
>     GenericBlockCipher fragment;
>     opaque MAC;
> } TLSCiphertext;
>
> This is identical to the existing TLS/DTLS layout, with the only
> difference being that the MAC value is moved outside the encrypted
> data.
>
>
> Corrected Text
> --------------
> The overall TLS packet [2] is then:
>
> struct {
>     ContentType type;
>     ProtocolVersion version;
>     uint16 length;
>     GenericBlockCipher fragment;
>     opaque MAC[SecurityParameters.mac_length];
> } TLSCiphertext;
>
> The equivalent DTLS packet [4] is then:
>
> struct {
>     ContentType type;
>     ProtocolVersion version;
>     uint16 epoch;
>     uint48 sequence_number;
>     uint16 length;
>     GenericBlockCipher fragment;
>     opaque MAC[SecurityParameters.mac_length];
> } TLSCiphertext;
>
> This is identical to the existing TLS/DTLS layout, with the only
> differences being that the MAC value is moved outside the encrypted
> data and the definition of TLSCiphertext.length changes to:
>
>    length
>       The length (in bytes) of the following TLSCiphertext.fragment
>       and TLSCiphertext.MAC.
>       The length MUST NOT exceed 2^14 + 2048.
>
>
> Notes
> -----
> MAC array length is missing.
> Also, the new structure changes the definition of TLSCiphertext.length.
> As it currently stands, the length of the MAC is excluded from TLSCiphertext.length.
> This is a duplicate of erratum 4212 which is now verified.
> --VERIFIER NOTES--
> This is a duplicate of erratum 4212 which is now verified.
>
> --------------------------------------
> RFC7366 (draft-ietf-tls-encrypt-then-mac-03)
> --------------------------------------
> Title : Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
> Publication Date : September 2014
> Author(s) : P. Gutmann
> Category : PROPOSED STANDARD
> Source : Transport Layer Security
> Area : Security
> Stream : IETF
> Verifying Party : IESG
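
An added example, not part of the original message or of RFC 7366: a Python function that frames one encrypt-then-MAC record under the length definition in the corrected text quoted above, where length covers the fragment plus a trailing MAC of SecurityParameters.mac_length bytes and is capped at 2^14 + 2048. The function name, the exception class and the sample bytes are constructed for illustration.

```python
import struct

MAX_ETM_LENGTH = 2**14 + 2048  # bound given in the corrected text quoted above

class RecordError(ValueError):
    """Raised when a record cannot be framed safely."""

def split_etm_record(buf, mac_length, dtls=False):
    """Split one encrypt-then-MAC record into (header fields, fragment, MAC).

    Assumes TLSCiphertext.length counts the fragment plus the trailing MAC,
    as in the corrected text. The MAC is only located here, not verified;
    a receiver checks it before any decryption of the fragment.
    """
    header_len = 13 if dtls else 5  # DTLS adds uint16 epoch + uint48 sequence_number
    if len(buf) < header_len:
        raise RecordError("truncated header")
    content_type, major, minor = struct.unpack_from("!BBB", buf, 0)
    fields = {"type": content_type, "version": (major, minor)}
    if dtls:
        epoch, seq_hi, seq_lo = struct.unpack_from("!HHI", buf, 3)
        fields["epoch"] = epoch
        fields["sequence_number"] = (seq_hi << 32) | seq_lo
    (length,) = struct.unpack_from("!H", buf, header_len - 2)
    fields["length"] = length
    if length > MAX_ETM_LENGTH:
        raise RecordError("length exceeds 2^14 + 2048")
    if length < mac_length:
        raise RecordError("length too small to hold the MAC")
    body = buf[header_len:header_len + length]
    if len(body) != length:
        raise RecordError("truncated record body")
    # The MAC is the last mac_length bytes; everything before it is the
    # GenericBlockCipher fragment (IV plus ciphertext).
    split = length - mac_length
    return fields, body[:split], body[split:]

# Constructed sample: application_data (23), TLS 1.2 (3,3), a 32-byte
# placeholder fragment and a 32-byte placeholder MAC, so length = 64.
SAMPLE_FRAGMENT = bytes(range(32))
SAMPLE_MAC = b"\xaa" * 32
SAMPLE_TLS = struct.pack("!BBBH", 23, 3, 3, 64) + SAMPLE_FRAGMENT + SAMPLE_MAC

if __name__ == "__main__":
    print(split_etm_record(SAMPLE_TLS, mac_length=32))
```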