RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Held for Document Update (2)

RFC 3967, "Clarifying when Standards Track Documents may Refer Normatively to Documents at a Lower Level", December 2004

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: gen

Errata ID: 201

Status: Held for Document Update
Type: Editorial

Reported By: Alfred Hoenes
Date Reported: 2005-01-03
Held for Document Update by: Russ Housley

Normative references to HMAC in future IETF Standards Track documents should always refer to FIPS-198 instead of RFC 2104.

reading the fresh RFC 3967 (== BCP 97), I found that this memo uses
examples which are well known, but not very appropriate, for the
desired purpose:

(1)
    HMAC [RFC2104]

This algorithm - since almost three years - is a US Federal
Information Processing Standard!

( FIPS PUB 198, issued '2002 March 6' ;
  to download a PDF copy (updated '2002 April 8'), see
  <http://crc.nist.gov/publications/fips/index.html> )

This is an active standard published by a recognized standards body.
Therefore, *Normative References* to HMAC in future IETF Standards
Track documents should always refer to FIPS-198 instead of RFC 2104 !



It should say:

[see above]

Notes:

Remark 1:
FIPS-198 in turn refers to RFC 2104 as a readily available
source document for the algorithm, but gives a detailed,
independent description of the algorithm and its application.

Remark 2:
Expect alternative MAC algorithms like UMAC, TTMAC, EMAC,
and RMAC to get formally standardized soon by various Standards
Bodies. For example, the former three Algorithms are already
(since Feb. 2003) recommended for new applications to be used in
the public administration and economy within the European Union.
This has been the result of the NESSIE project - an open contest
similar to the AES contest of NIST's), see
<http://www.cryptonessie.org/> .

from pending

Errata ID: 706

Status: Held for Document Update
Type: Editorial

Reported By: Alfred Hoenes
Date Reported: 2005-01-03
Held for Document Update by: Russ Housley

Normative references to HMAC in future IETF Standards Track documents should always refer to FIPS-198 instead of RFC 2104.

(2)
    MD5 [RFC1321]

According to the contemporary cryptographic literature, protocols
should now better use SHA-xxx (xxx = [1 / ] 224 / 256 / 384 / 512)
as a cryptographic hashing primitive instead of MD5.

See
- FIPS PUB 180-2, issued '2002 August 1', and amended by
  Change Note 1, issued '2004 February 25', for SHA-224,
and
- RFC 3174 (for SHA-1) and RFC 3874 (for SHA-224) -- based on above.

FIPS 180-2 should be used for Normative References in future IETF
Standards Track documents.



It should say:

[see above]

Notes:

Remark 3:
SHA-1 (as well as MD5) already is no more recommended for new
applications to be used in the public administration and economy
within the European Union, see the URL given in Remark 2 above!

from pending

Report New Errata



Search RFCs
Advanced Search
×