The following errata report has been verified for RFC5054, "Using the Secure Remote Password (SRP) Protocol for TLS Authentication".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid4546 -------------------------------------- Status: Verified Type: Technical Reported by: Rick van Rein <r...@openfortress.nl> Date Reported: 2015-11-30 Verified by: Paul Wouters (IESG) Section: 2.6 Original Text ------------- B = k*v + g^b % N Corrected Text -------------- B = ( k*v + g^b ) % N Notes ----- The customary binding is that + has lower priority than % and so the default reading of the expression would be B = k*v + ( g^b % N ) That is inconsistent with the existence of PAD(B) and the size of B in the test vectors, so the context hints at proper brackets, but this may still lead to implementation errors (of which I actually ran into an example). Paul Wouters (AD): This errata is correct, but note that this RFC is applicable only for TLS < 1.3. For TLS 1.3, one needs to use a PAKE as replacement, such as those defined in RFC8492. As such, this errata is left as Verified as there won't be a document update for this document. -------------------------------------- RFC5054 (draft-ietf-tls-srp-14) -------------------------------------- Title : Using the Secure Remote Password (SRP) Protocol for TLS Authentication Publication Date : November 2007 Author(s) : D. Taylor, T. Wu, N. Mavrogiannopoulos, T. Perrin Category : INFORMATIONAL Source : Transport Layer Security Area : Security Stream : IETF Verifying Party : IESG _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
