errata logo graphic

Found 1 record.

Status: Verified (1)

RFC4771, "Integrity Transform Carrying Roll-Over Counter for the Secure Real-time Transport Protocol (SRTP)", January 2007

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 3233

Status: Verified
Type: Technical

Reported By: Mats Näslund
Date Reported: 2012-05-28
Verifier Name: Robert Sparks
Date Verified: 2012-06-07

Section 2 says:

When the receiver receives an SRTP packet, it processes the packet
according to RFC 3711 except that during authentication processing
ROC_local is replaced by ROC_sender (retrieved from the packet).

It should say:

When the receiver receives an SRTP packet, it processes the packet
according to RFC 3711 except that during replay check and authentication processing
ROC_local is replaced by ROC_sender (retrieved from the packet).

Notes:

While this is typo, it has the unfortunate side effect of creating a possibility for a replay attack where the attacker injects a previous message, possibly causing the receiver to loose synch on the ROC value. This is prevented if the receiver uses ROC_sender in place of ROC_local during both authentication _and_ replay check.

We thank David McGrew for spotting this error.


Report New Errata