[tram] [Technical Errata Reported] RFC7635 (5060)
RFC Errata System <rfc-editor@rfc-editor.org> Wed, 05 July 2017 23:35 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED7DB12EE46 for <tram@ietfa.amsl.com>; Wed, 5 Jul 2017 16:35:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sG4dyRk6rmA8 for <tram@ietfa.amsl.com>; Wed, 5 Jul 2017 16:35:45 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98E03129AAD for <tram@ietf.org>; Wed, 5 Jul 2017 16:35:45 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 0F530B80DD9; Wed, 5 Jul 2017 16:35:08 -0700 (PDT)
To: tireddy@cisco.com, praspati@cisco.com, rmohanr@cisco.com, justin@uberti.name, spencerdawkins.ietf@gmail.com, ietf@kuehlewind.net, gonzalo.camarillo@ericsson.com, sperreault@jive.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: deadbeef@google.com, tram@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20170705233508.0F530B80DD9@rfc-editor.org>
Date: Wed, 05 Jul 2017 16:35:08 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/qNsCcTQFJYrDTr3yIBm7RsQ_YHU>
X-Mailman-Approved-At: Thu, 06 Jul 2017 01:10:31 -0700
Subject: [tram] [Technical Errata Reported] RFC7635 (5060)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jul 2017 23:35:47 -0000
The following errata report has been submitted for RFC7635, "Session Traversal Utilities for NAT (STUN) Extension for Third-Party Authorization". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata/eid5060 -------------------------------------- Type: Technical Reported by: Taylor Brandstetter <deadbeef@google.com> Section: Appendix B Original Text ------------- [STUN] supports hash agility and accomplishes this agility by computing message integrity using both HMAC-SHA-1 and HMAC-SHA-256-128. The client signals the algorithm supported by it to the authorization server in the 'alg' parameter defined in [POP-KEY-DIST]. The authorization server determines the length of the mac_key based on the HMAC algorithm conveyed by the client. If the client supports both HMAC-SHA-1 and HMAC-SHA-256-128, then it signals HMAC-SHA-256-128 to the authorization server, gets a 256-bit key from the authorization server, and calculates a 160-bit key for HMAC-SHA-1 using SHA1 and taking the 256-bit key as input. Corrected Text -------------- [STUN] supports hash agility and accomplishes this agility by computing message integrity using both HMAC-SHA-1 and HMAC-SHA-256-128. The client signals the algorithm supported by it to the authorization server in the 'alg' parameter defined in [POP-KEY-DIST]. The authorization server determines the length of the mac_key based on the HMAC algorithm conveyed by the client. If the client supports both HMAC-SHA-1 and HMAC-SHA-256-128, then it signals HMAC-SHA-256-128 to the authorization server, and gets a 256-bit key from the authorization server, which can be used to compute both the HMAC-SHA-1 and HMAC-SHA-256-128 hashes. If the client only supports HMAC-SHA-1, the authorization server could return a 160-bit key, as keys longer than the HMAC-SHA-1 output size of 160-bits would not significantly increase the function's strength. Notes ----- The SHA-1 block size is 512 bits, so a 256-bit key does not need to be shortened to compute a HMAC-SHA-1 hash. Also added an example for "if the client only supports HMAC-SHA-1", to make the hash agility logic more clear. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC7635 (draft-ietf-tram-turn-third-party-authz-16) -------------------------------------- Title : Session Traversal Utilities for NAT (STUN) Extension for Third-Party Authorization Publication Date : August 2015 Author(s) : T. Reddy, P. Patil, R. Ravindranath, J. Uberti Category : PROPOSED STANDARD Source : TURN Revised and Modernized Area : Transport Stream : IETF Verifying Party : IESG
- [tram] [Technical Errata Reported] RFC7635 (5060) RFC Errata System
- Re: [tram] [Technical Errata Reported] RFC7635 (5… Magnus Westerlund
- Re: [tram] [Technical Errata Reported] RFC7635 (5… Justin Uberti
- Re: [tram] [Technical Errata Reported] RFC7635 (5… Magnus Westerlund