errata logo graphic

Found 2 records.

Status: Reported (2)

RFC5764, "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)", May 2010

Source of RFC: avt (rai)

Errata ID: 3913

Status: Reported
Type: Technical

Reported By: Martin Thomson
Date Reported: 2014-03-06

Section 5.1.2 says:

Arriving packets may be of types RTP, DTLS, or STUN [RFC5389].
...
                   |       B < 2   -+--> forward to STUN
...
If the value of this byte is 0 or 1, then the packet is STUN.

It should say:

Arriving packets may be of types RTP, DTLS, or STUN [RFC5389].  
STUN messages with methods identifiers of 1280 or higher cannot 
be demultiplexed.
...
                   |       B < 20  -+--> forward to STUN
...
If the value of this byte is less than 20, then the packet is STUN.

Notes:

This is a tricky one. We can't distinguish all STUN message types, because - at least in theory - new message types >= 1280 can be added to STUN, which could collide with DTLS.


Errata ID: 3971

Status: Reported
Type: Technical

Reported By: Martin Thomson
Date Reported: 2014-04-22

Section 4.1.3 says:

   If the client detects a nonzero-length MKI in the server's response
   that is different than the one the client offered, then the client
   MUST abort the handshake and SHOULD send an invalid_parameter alert.

It should say:

   If the client detects a nonzero-length MKI in the server's response
   that is different than the one the client offered, then the client
   MUST abort the handshake and SHOULD send an illegal_parameter alert.

Notes:

invalid_parameter isn't defined anywhere; this probably means illegal_parameter(47), which is defined in RFC 5246.


Report New Errata