Re: [TLS] [Editorial Errata Reported] RFC9257 (7643)

"Salz, Rich" <rsalz@akamai.com> Mon, 18 September 2023 23:10 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Chris Smiley <csmiley@amsl.com>, Paul Wouters <paul.wouters@aiven.io>
CC: RFC Errata System <rfc-editor@rfc-editor.org>, "hvn@radiatorsoftware.com" <hvn@radiatorsoftware.com>, "tls@ietf.org" <tls@ietf.org>
Date: Mon, 18 Sep 2023 23:10:33 +0000
Message-ID: <FBE757D0-42B3-4A2D-A31F-08514DCE0B95@akamai.com>
References: <20230917132239.AD7287FDC1@rfcpa.amsl.com> <67B9AB4B-DDC5-4364-96E5-581381404A47@amsl.com>
In-Reply-To: <67B9AB4B-DDC5-4364-96E5-581381404A47@amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/t00RAlRw_K2-NXKHOeVXRsE7k3I>

It is correct.

On 9/18/23, 6:53 PM, "Chris Smiley" <csmiley@amsl.com> wrote:




Hi Paul,


We are unable to verify this erratum that the submitter marked as editorial. Please note that we have changed the “Type” of the following errata report to “Technical”. As Stream Approver, please review and set the Status and Type accordingly (see the definitions at https://www.rfc-editor.org/errata-definitions/).


You may review the report at: https://www.rfc-editor.org/errata/eid7643


Please see https://www.rfc-editor.org/how-to-verify/ for further information on how to verify errata reports.


Further information on errata can be found at: https://www.rfc-editor.org/errata.php.


Thank you.


RFC Editor/cs




> On Sep 17, 2023, at 6:22 AM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> 
> The following errata report has been submitted for RFC9257,
> "Guidance for External Pre-Shared Key (PSK) Usage in TLS".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7643
> 
> --------------------------------------
> Type: Editorial
> Reported by: Heikki Vatiainen <hvn@radiatorsoftware.com>
> 
> Section: 6.1. Stack Interface
> 
> Original Text
> -------------
> * OpenSSL and BoringSSL: Applications can specify support for
> external PSKs via distinct ciphersuites in TLS 1.2 and below.
> Also, they can then configure callbacks that are invoked for PSK
> selection during the handshake. These callbacks must provide a
> PSK identity and key. The exact format of the callback depends on
> the negotiated TLS protocol version, with new callback functions
> added specifically to OpenSSL for TLS 1.3 [RFC8446] PSK support.
> The PSK length is validated to be between 1-256 bytes (inclusive).
> The PSK identity may be up to 128 bytes long.
> 
> Corrected Text
> --------------
> * OpenSSL and BoringSSL: Applications can specify support for
> external PSKs via distinct ciphersuites in TLS 1.2 and below.
> Also, they can then configure callbacks that are invoked for PSK
> selection during the handshake. These callbacks must provide a
> PSK identity and key. The exact format of the callback depends on
> the negotiated TLS protocol version, with new callback functions
> added specifically to OpenSSL for TLS 1.3 [RFC8446] PSK support.
> The PSK length is validated to be between 1-256 bytes (inclusive).
> The PSK identity may be up to 128 bytes long. OpenSSL 3.0
> increased PSK maximum length to 512 bytes and PSK identity maximum
> length to 256 bytes to match existing implementations and
> specifications.
> 
> Notes
> -----
> OpenSSL PSK length and PSK identity length were increased to 256 and 512 octets, respectively, for OpenSSL 3.0. There appear to be implementations and specifications that require these longer lengths. See here for more information:
> https://github.com/openssl/openssl/pull/12777
> https://github.com/openssl/openssl/pull/12771
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party 
> can log in to change the status and edit the report, if necessary. 
> 
> --------------------------------------
> RFC9257 (draft-ietf-tls-external-psk-guidance-06)
> --------------------------------------
> Title : Guidance for External Pre-Shared Key (PSK) Usage in TLS
> Publication Date : July 2022
> Author(s) : R. Housley, J. Hoyland, M. Sethi, C. A. Wood
> Category : INFORMATIONAL
> Source : Transport Layer Security
> Area : Security
> Stream : IETF
> Verifying Party : IESG
> 


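Added example, not part of the original message and not OpenSSL code: a provisioning-time check that flags external PSK entries which fit the OpenSSL 3.0 limits from the corrected text quoted above (PSK up to 512 bytes, identity up to 256) but would be rejected under the older limits (1-256 and 128). The type, function names, hex key encoding and the sample entry are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Limits from the corrected erratum text; type and names are hypothetical. */
struct psk_limits { const char *label; size_t max_psk; size_t max_identity; };
static const struct psk_limits PRE_3_0 = { "OpenSSL before 3.0", 256, 128 };
static const struct psk_limits V3_0    = { "OpenSSL 3.0",        512, 256 };

enum psk_verdict { PSK_OK, PSK_BAD_HEX, PSK_EMPTY, PSK_TOO_LONG, PSK_ID_TOO_LONG };

/* Byte length of a hex-encoded key, or -1 for odd length or non-hex input. */
static long hex_key_len(const char *hex)
{
    size_t n = strlen(hex);
    if (n % 2 != 0 || strspn(hex, "0123456789abcdefABCDEF") != n)
        return -1;
    return (long)(n / 2);
}

/* Check one provisioned entry against one limit set. Assumption: the identity
 * is a NUL-terminated string and its byte length is what the limit bounds. */
enum psk_verdict psk_check(const char *identity, const char *hex_key,
                           const struct psk_limits *lim)
{
    long klen = hex_key_len(hex_key);
    if (klen < 0)  return PSK_BAD_HEX;
    if (klen == 0) return PSK_EMPTY;            /* valid range starts at 1 byte */
    if ((size_t)klen > lim->max_psk)            return PSK_TOO_LONG;
    if (strlen(identity) > lim->max_identity)   return PSK_ID_TOO_LONG;
    return PSK_OK;
}

/* 1 when the entry fits the 3.0 limits but not the older ones, i.e. it would
 * only work where every endpoint runs OpenSSL 3.0 or later. */
int psk_needs_3_0(const char *identity, const char *hex_key)
{
    return psk_check(identity, hex_key, &V3_0) == PSK_OK &&
           psk_check(identity, hex_key, &PRE_3_0) != PSK_OK;
}

int main(void)
{
    char key[2 * 300 + 1];                      /* constructed 300-byte key */
    memset(key, 'a', sizeof key - 1);
    key[sizeof key - 1] = '\0';
    printf("%s: %d\n", PRE_3_0.label, psk_check("sensor-17", key, &PRE_3_0));
    printf("%s: %d\n", V3_0.label, psk_check("sensor-17", key, &V3_0));
    printf("needs 3.0 everywhere: %d\n", psk_needs_3_0("sensor-17", key));
    return 0;
}
```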