The following errata report has been verified for RFC8446, "The Transport Layer Security (TLS) Protocol Version 1.3".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5483 -------------------------------------- Status: Verified Type: Technical Reported by: Patrick Kelsey <pat.kel...@notforadio.com> Date Reported: 2018-08-28 Verified by: Paul Wouters (IESG) Section: 4.2.8.2 Original Text ------------- For X25519 and X448, the contents of the public value are the byte string inputs and outputs of the corresponding functions defined in [RFC7748]: 32 bytes for X25519 and 56 bytes for X448. Corrected Text -------------- For X25519 and X448, the contents of the public value are the byte string outputs of the corresponding functions defined in [RFC7748]: 32 bytes for X25519 and 56 bytes for X448. Notes ----- Per Section 7.4.2 of this RFC and Section 6 of RFC7748, the byte string inputs to the corresponding ECDH scalar multiplication function are the private key and the u-coordinate of the standard public base point, the former of which of course must not be transmitted and the latter of which is a known constant. Paul Wouters (AD): Resolved but with the following Corrected Text: For X25519 and X448, the contents of the public value is the K_A or K_B value described in Section 6 of [RFC7748]. This is 32 bytes for X25519 and 56 bytes for X448. >From another perspective, including the byte string inputs in the contents of >the public value would contradict the resulting content sizes given at the end >of the cited paragraph as well as the statement in Section 7.4.2 that the >public key put into the KeyShareEntry is the output of ECDH scalar >multiplication function. -------------------------------------- RFC8446 (draft-ietf-tls-tls13-28) -------------------------------------- Title : The Transport Layer Security (TLS) Protocol Version 1.3 Publication Date : August 2018 Author(s) : E. Rescorla Category : PROPOSED STANDARD Source : Transport Layer Security Stream : IETF Verifying Party : IESG _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
