Hello, Could I bring this erratum reported in November to your attention once more? I think it calls for correction.
Thanks, -Rick > RFC Errata System <mailto:rfc-edi...@rfc-editor.org> > 30 November 2015 at 17:02 > The following errata report has been submitted for RFC5054, > "Using the Secure Remote Password (SRP) Protocol for TLS Authentication". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=5054&eid=4546 > > -------------------------------------- > Type: Technical > Reported by: Rick van Rein <r...@openfortress.nl> > > Section: 2.6 > > Original Text > ------------- > B = k*v + g^b % N > > Corrected Text > -------------- > B = ( k*v + g^b ) % N > > Notes > ----- > The customary binding is that + has lower priority than % and so the > default reading of the expression would be > B = k*v + ( g^b % N ) > That is inconsistent with the existence of PAD(B) and the size of B in > the test vectors, so the context hints at proper brackets, but this > may still lead to implementation errors (of which I actually ran into > an example). > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC5054 (draft-ietf-tls-srp-14) > -------------------------------------- > Title : Using the Secure Remote Password (SRP) Protocol for TLS > Authentication > Publication Date : November 2007 > Author(s) : D. Taylor, T. Wu, N. Mavrogiannopoulos, T. Perrin > Category : INFORMATIONAL > Source : Transport Layer Security > Area : Security > Stream : IETF > Verifying Party : IESG > _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
