H Paul, We are unable to verify this erratum that the submitter marked as editorial. Please note that we have changed the “Type” of the following errata report to “Technical”. As Stream Approver, please review and set the Status and Type accordingly (see the definitions at https://www.rfc-editor.org/errata-definitions/).
You may review the report at: https://www.rfc-editor.org/errata/eid7538 Please see https://www.rfc-editor.org/how-to-verify/ for further information on how to verify errata reports. Further information on errata can be found at: https://www.rfc-editor.org/errata.php. Thank you. RFC Editor/cs > On Jun 6, 2023, at 11:58 PM, RFC Errata System <rfc-edi...@rfc-editor.org> > wrote: > > The following errata report has been submitted for RFC5054, > "Using the Secure Remote Password (SRP) Protocol for TLS Authentication". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid7538 > > -------------------------------------- > Type: Editorial > Reported by: Mingye Wang <arthur200...@gmail.com> > > Section: 2.1 > > Original Text > ------------- > The version of SRP used here is sometimes referred to as "SRP-6" > [SRP-6]. > > Corrected Text > -------------- > The version of SRP used here is sometimes referred to as "SRP-6a" > [SRP-6a]. > > > [SRP-6a]: Wu, T., "SRP Protocol Design", circa 2005, > http://srp.stanford.edu/design.html > > Notes > ----- > The protocol described uses a non-constant k, which is an innovation of > SRP-6a -- never published formally in a technical report (until this RFC) and > dating to ~2005 if we go by the libsrp version history. Actual [SRP-6] of > 2002 uses a constant k = 3. > > Reference to the [SRP-6] text is still valuable for rationale, but is not > accurate. Confusion between these two versions is harmful and may impeded > interoperability. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC5054 (draft-ietf-tls-srp-14) > -------------------------------------- > Title : Using the Secure Remote Password (SRP) Protocol for TLS > Authentication > Publication Date : November 2007 > Author(s) : D. Taylor, T. Wu, N. Mavrogiannopoulos, T. Perrin > Category : INFORMATIONAL > Source : Transport Layer Security > Area : Security > Stream : IETF > Verifying Party : IESG > _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
