RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 4270, "Attacks on Cryptographic Hashes in Internet Protocols", November 2005

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 2659
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT

Reported By: Lloyd Wood
Date Reported: 2010-12-04
Held for Document Update by: Stephen Farrell

Section 3 says:

      Integrity protection.  It is common to compare a hash value that
      is received out-of-band for a file with the hash value of the file
      after it is received over an unsecured protocol such as FTP.

It should say:

      Reliability checking and error detection.  It is common to compare a hash value that
      is received out-of-band for a file with the hash value of the file
      after it is received over an unsecured protocol such as FTP.

Notes:

"integrity protection" is a term with specific meaning to security researchers, and that meaning doesn't gel with how the rest of the world uses terms like 'integrity' or 'protection,' or with the rest of this bullet point. So, we swap the term out for something less contentious.

This came up in discussion with Martin Rex and the IESG. Martin writes:

> Integrity protection is terminology that is used in the
> security&cryptographic area and this defect of rfc-4270 is going
> to create misunderstandings.

So, filing an erratum.

Report New Errata