RFC 4270, "Attacks on Cryptographic Hashes in Internet Protocols", November 2005Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 2659
Status: Held for Document Update
Publication Format(s) : TEXT
Reported By: Lloyd Wood
Date Reported: 2010-12-04
Held for Document Update by: Stephen Farrell
Section 3 says:
Integrity protection. It is common to compare a hash value that is received out-of-band for a file with the hash value of the file after it is received over an unsecured protocol such as FTP.
It should say:
Reliability checking and error detection. It is common to compare a hash value that is received out-of-band for a file with the hash value of the file after it is received over an unsecured protocol such as FTP.
"integrity protection" is a term with specific meaning to security researchers, and that meaning doesn't gel with how the rest of the world uses terms like 'integrity' or 'protection,' or with the rest of this bullet point. So, we swap the term out for something less contentious.
This came up in discussion with Martin Rex and the IESG. Martin writes:
> Integrity protection is terminology that is used in the
> security&cryptographic area and this defect of rfc-4270 is going
> to create misunderstandings.
So, filing an erratum.