[TLS] Errata 4800
Michael StJohns <msj@nthpermutation.com> Fri, 07 March 2025 19:21 UTC
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/yY-TLprT-IZZp1yJWnffMyfIcP8>
https://www.rfc-editor.org/errata/eid4800

RFC 5077 <https://www.rfc-editor.org/rfc/rfc5077>, "Transport Layer Security (TLS) Session Resumption without Server-Side State", January 2008

I'm working through the list of errata and came across this one.

This mechanism is obsolete in TLS1.3, but still exists in TLS1.2. The errata appears to be valid with respect to the wrapping length issues of the indicated structures - (E.g. a 2^16-1 object can't encode/wrap a 2^24-1 object).

Someone should consider the structures defined here but carried to TLS1.3 and verify length consistency and issue an errata if needed.

If TLS1.2 is actually still live for development (and new RFCs), I'd mark this errata as Verified. Otherwise, if TLS1.2 is obsolete (and not just its documents), I'd mark this errata as "Rejected" as there's nowhere to apply the errata.

I'll leave it to the chairs of TLS to figure out which is more appropriate.

Mike
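The length-consistency check the message asks for can be done mechanically. The sketch below is an added example, not part of the original message, the RFC or the erratum; the field names and layout are constructed to mirror the "2^16-1 object wrapping a 2^24-1 object" case, and it flags every length-prefixed vector whose ceiling is smaller than the worst-case size of what it must carry.

```python
from dataclasses import dataclass, field

@dataclass
class Fixed:                 # fixed-size field, e.g. opaque name[16]
    name: str
    size: int

@dataclass
class Vector:                # variable-length vector, e.g. opaque x<0..ceiling>
    name: str
    ceiling: int             # largest byte count the length prefix can announce
    content: list = field(default_factory=list)  # empty list = raw opaque bytes

def prefix_bytes(ceiling):
    """Bytes needed for the length prefix of a vector with this ceiling."""
    return (ceiling.bit_length() + 7) // 8

def max_size(node):
    """Worst-case encoded size of a field, including any length prefix."""
    if isinstance(node, Fixed):
        return node.size
    return prefix_bytes(node.ceiling) + node.ceiling

def check(node, path=""):
    """Return (path, ceiling, worst_case_need) for every vector too small for its content."""
    findings = []
    if isinstance(node, Vector) and node.content:
        here = f"{path}/{node.name}"
        need = sum(max_size(c) for c in node.content)
        if need > node.ceiling:
            findings.append((here, node.ceiling, need))
        for child in node.content:
            findings += check(child, here)
    return findings

def sample_layout():
    """Constructed layout: hypothetical names, not the RFC 5077 definitions."""
    cert_chain = Vector("cert_chain", 2**24 - 1)
    sealed_state = Vector("sealed_state", 2**16 - 1,
                          [Fixed("version", 2), Fixed("secret", 48), cert_chain])
    return Vector("wrapper", 2**16 - 1,
                  [Fixed("key_name", 16), Fixed("iv", 16), sealed_state, Fixed("mac", 32)])

if __name__ == "__main__":
    for path, ceiling, need in check(sample_layout()):
        print(f"{path}: ceiling {ceiling} bytes, content may need {need} bytes")
```

A finding means a conforming encoder can be handed content it cannot serialize, so implementations need an explicit size check and a defined failure path at that boundary rather than silent truncation of the length field.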