The following errata report has been verified for RFC5054, "Using the Secure Remote Password (SRP) Protocol for TLS Authentication".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid7538 -------------------------------------- Status: Verified Type: Technical Reported by: Mingye Wang <arthur200...@gmail.com> Date Reported: 2023-06-07 Verified by: Paul Wouters (IESG) Section: 2.1 Original Text ------------- The version of SRP used here is sometimes referred to as "SRP-6" [SRP-6]. Corrected Text -------------- The version of SRP used here is sometimes referred to as "SRP-6a" [SRP-6a]. [SRP-6a]: Wu, T., "SRP Protocol Design", circa 2005, http://srp.stanford.edu/design.html Notes ----- The protocol described uses a non-constant k, which is an innovation of SRP-6a -- never published formally in a technical report (until this RFC) and dating to ~2005 if we go by the libsrp version history. Actual [SRP-6] of 2002 uses a constant k = 3. Reference to the [SRP-6] text is still valuable for rationale, but is not accurate. Confusion between these two versions is harmful and may impeded interoperability. -------------------------------------- RFC5054 (draft-ietf-tls-srp-14) -------------------------------------- Title : Using the Secure Remote Password (SRP) Protocol for TLS Authentication Publication Date : November 2007 Author(s) : D. Taylor, T. Wu, N. Mavrogiannopoulos, T. Perrin Category : INFORMATIONAL Source : Transport Layer Security Area : Security Stream : IETF Verifying Party : IESG _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
