The following errata report has been submitted for RFC9147, "The Datagram Transport Layer Security (DTLS) Protocol Version 1.3".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid8141 -------------------------------------- Type: Technical Reported by: Nick Harper <i...@nharper.org> Section: 4 Original Text ------------- This 128-bit value is used in the ACK message as well as in the "record_sequence_number" input to the Authenticated Encryption with Associated Data (AEAD) function. Corrected Text -------------- This 128-bit value is used in the ACK message. Notes ----- The end of this paragraph contradicts this by saying "In DTLS 1.3 the 64-bit sequence_number is used as the sequence number for the AEAD computation". If the 128-bit value was used as the "record sequence number" as described in RFC 8446 section 5.3, it appears that would require the AEAD to have an N_MAX of at least 16 bytes to fit all of the 128 bits, and none of the TLS 1.3 AEADs have an N_MAX that big. Thus, I assume the end of the paragraph is correct and the opening is incorrect. Instructions: ------------- This erratum is currently posted as "Reported". (If it is spam, it will be removed shortly by the RFC Production Center.) Please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party will log in to change the status and edit the report, if necessary. -------------------------------------- RFC9147 (draft-ietf-tls-dtls13-43) -------------------------------------- Title : The Datagram Transport Layer Security (DTLS) Protocol Version 1.3 Publication Date : April 2022 Author(s) : E. Rescorla, H. Tschofenig, N. Modadugu Category : PROPOSED STANDARD Source : Transport Layer Security Stream : IETF Verifying Party : IESG _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
