RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 5216, "The EAP-TLS Authentication Protocol", March 2008

Source of RFC: emu (sec)

Errata ID: 1388
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT

Reported By: Alfred Hoenes
Date Reported: 2008-03-26
Held for Document Update by: Pasi Eronen

Section 2.1.1,pg.5 says:

   The certificate message contains a public key certificate chain for
   either a key exchange public key (such as an RSA or Diffie-Hellman
   key exchange public key) or a signature public key (such as an RSA or
|  Digital Signature Standard (DSS) signature public key).  In the
   latter case, a TLS server_key_exchange handshake message MUST also be
   included to allow the key exchange to take place.

It should say:

   The certificate message contains a public key certificate chain for
   either a key exchange public key (such as an RSA or Diffie-Hellman
   key exchange public key) or a signature public key (such as an RSA or
|  Digital Signature Algorithm (DSA) signature public key).  In the
                     ^^^^^^^^^    ^
   latter case, a TLS server_key_exchange handshake message MUST also be
   included to allow the key exchange to take place.

Notes:

Location is the 6th paragraph of Section 2.1.1.
(Please note that the first paragraph of that section is
inadvertently split into two parts by a spurious blank line
that has been ignored for the purpose of paragraph numbering.)

Rationale:
There's no such thing like a DSS signature public key.
Keys have to match the mathematical algorithms, and only
indirectly the standrds documents.
The Digital Signature Standard (DSS) supports three different
kinds of signature algorithms: (classical) DSA, ECDSA (the DSA
variant based on Elliptic Curve Cryptography), and RSA.
All three algorithms require different keys, based on the
mathematical properties and the related presentation forms.

Other parts of the document, in particular Section 5.1 already
use the proper terminology to distinguish between algorithm and
standards document.

Report New Errata