Errata Search
RFC Number:		Errata ID:
Source of RFC		Status:	All/Any Verified+Reported Verified Reported Held for Document Update Rejected
Area Acronym:	All/Any app art gen int ops rai rtg sec tsv wit	Type:	All/Any Editorial Technical
WG Acronym:		Submitter Name:
Other:	All/Any IAB INDEPENDENT IRTF Legacy Editorial	Date Submitted:
Summary Table Full Records

Found 7 records.

Status: Verified (4)

RFC 2631, "Diffie-Hellman Key Agreement Method", June 1999

Source of RFC: smime (sec)

Errata ID: 2506
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Yves Legrandgerard
Date Reported: 2010-09-01
Verifier Name: Sean Turner
Date Verified: 2012-01-06

Section 2.2.1.1 says:

6. For i = 0 to m' - 1

        U = U + (SHA1[SEED + i] XOR SHA1[(SEED + m' + i)) * 2^(160 * i)

   Note that for m=160, this reduces to the algorithm of [FIPS-186]

        U = SHA1[SEED] XOR SHA1[(SEED+1) mod 2^160 ].

It should say:

6. For i = 0 to m' - 1

        U = U + [SHA1(seed + i) Xor SHA1((seed + m' +i ) mod 2^{seedlen})] * 2^{160 * i}

   Note that for m=160, this reduces to the algorithm of [FIPS-186]

        U = [SHA1(seed) Xor SHA1((seed +1) mod 2^{seedlen})], where seedlen
            is the binary length of seed.

Notes:

The line:
U = U + (SHA1[SEED + i] XOR SHA1[(SEED + m' + i)) * 2^(160 * i)
is syntactically incorrect. Closing bracket of last 'SHA1[' is missing.
Moreover, when m=160 (m'=1), the loop cannot reduce to the line:
U = SHA1[SEED] XOR SHA1[(SEED + 1) mod 2^160]
as it can be easily seen.

Errata ID: 5480
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Charlie Zhuo
Date Reported: 2018-08-27
Verifier Name: Benjamin Kaduk
Date Verified: 2018-08-28

Section 2.1.1 says:

h is any integer with 1 < h < p-1 such that h{(p-1)/q} mod p > 1
(g has order q mod p; i.e. g^q mod p = 1 if g!=1)

It should say:

h is any integer with 1 < h < p-1 such that h^{(p-1)/q} mod p > 1
(g has order q mod p; i.e. g^q mod p = 1 if g!=1)

Notes:

The explanation of h omitted the exponentiation operator in the inline formula.

Errata ID: 5897
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Russ Housley
Date Reported: 2019-11-07
Verifier Name: Roman Danyliw
Date Verified: 2022-01-19

Section 2.1.2 says:

     KeySpecificInfo ::= SEQUENCE {
       algorithm OBJECT IDENTIFIER,
       counter OCTET STRING SIZE (4..4) }

It should say:

     KeySpecificInfo ::= SEQUENCE {
       algorithm OBJECT IDENTIFIER,
       counter OCTET STRING (SIZE (4..4)) }

Notes:

The addition of '(' and ')' are needed for an ASN.1 compiler to accept the syntax without raising an error.

Errata ID: 7761
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Russ Housley
Date Reported: 2024-01-12
Verifier Name: RFC Editor
Date Verified: 2024-01-16

Section 2.2.1.1 says:

   6. If p > 2^(L-1) use a robust primality test to test whether p is
      prime. Else go to 18.

It should say:

   16. If p > 2^(L-1) use a robust primality test to test whether p is
       prime. Else go to 18.

Notes:

This should be numbered as step 16, not step 6.

Status: Reported (1)

RFC 2631, "Diffie-Hellman Key Agreement Method", June 1999

Source of RFC: smime (sec)

Errata ID: 6302
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Abdullah Talayhan
Date Reported: 2020-10-07

Section 2.2.1.1 says:

3. Set N’= L/1024

It should say:

3. Set N = L/1024

Notes:

The definition of N' is not used in the document. On line 19 of the algorithm, we have "If counter < (4096 * N) then go to 8.". Hence, either the definition on line 3 has to be N instead of N', or it should be N' instead of N on line 19.

Status: Held for Document Update (2)

RFC 2631, "Diffie-Hellman Key Agreement Method", June 1999

Source of RFC: smime (sec)

Errata ID: 5954
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Paul Janson
Date Reported: 2020-01-02
Held for Document Update by: Benjamin Kaduk
Date Held: 2020-01-13

Section 2.1.5. says:

     1. Verify that y lies within the interval [2,p-1]. If it does not,
        the key is invalid.
     2. Compute y^q mod p. If the result == 1, the key is valid.
        Otherwise the key is invalid.

It should say:

     1. Verify that y lies within the interval [2,p-1]. If it does not,
        the key is invalid.
     2. Compute y^q mod p. If the result == 1, the key is valid.
        Otherwise the key is invalid.
     3. Verify that y does not match g.

Notes:

Validating that (g == received y) needs to be an additional exclusion to the valid range [2,p-1]. If party 'a' accepts received public key 'yb' matching 'g', then ZZ matches public key 'ya'. i.e. if yb = 2, then xb = 1, therefore ZZ = ya^1 = ya

Errata ID: 1060
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Javier Ader
Date Reported: 2007-09-13
Held for Document Update by: Tim Polk

 

This reference is cited in Section 1, but does not appear in the
References section. It should be added:

[DH76]  W. Diffie and M. E. Hellman, "New Directions in Cryptography",
        IEEE Transactions on Information Theory, vol. IT-22, Nov. 1976, 
        pp: 644-654.

Report New Errata