RFC Errata
RFC 3961, "Encryption and Checksum Specifications for Kerberos 5", February 2005
Note: This RFC has been updated by RFC 8429
Source of RFC: krb-wg (sec)
Errata ID: 5522
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Wrong required required checksum mechanism for des-cbc-crc
Date Reported: 2018-10-12
Rejected by: Benjamin Kaduk
Date Rejected: 2018-10-15
Section 6.2.3 says:
des-cbc-crc
--------------------------------------------------------------------
protocol key format 8 bytes, parity in low bit of each
specific key structure copy of original key
required checksum rsa-md5-des
mechanism
It should say:
des-cbc-crc
--------------------------------------------------------------------
protocol key format 8 bytes, parity in low bit of each
specific key structure copy of original key
required checksum CRC32
mechanism
Notes:
des-cbc-crc is using the modified crc32 checksum, its required checksum should be CRC32, constant defined in section 8
--VERIFIER NOTES--
Rejected per submitter request; the required Checksum is a distinct operation, not a subset of the encryption operation.