RFC Errata
RFC 4270, "Attacks on Cryptographic Hashes in Internet Protocols", November 2005
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 2659
Status: Held for Document Update
Type: Technical
Publication Format(s): TEXT
Reported By: Lloyd Wood
Date Reported: 2010-12-04
Held for Document Update by: Stephen Farrell
Section 3 says:
Integrity protection. It is common to compare a hash value that is received out-of-band for a file with the hash value of the file after it is received over an unsecured protocol such as FTP.
It should say:
Reliability checking and error detection. It is common to compare a hash value that is received out-of-band for a file with the hash value of the file after it is received over an unsecured protocol such as FTP.
Notes:
"integrity protection" is a term with specific meaning to security researchers, and that meaning doesn't gel with how the rest of the world uses terms like 'integrity' or 'protection,' or with the rest of this bullet point. So, we swap the term out for something less contentious.
This came up in discussion with Martin Rex and the IESG. Martin writes:
> Integrity protection is terminology that is used in the
> security&cryptographic area and this defect of rfc-4270 is going
> to create misunderstandings.
So, filing an erratum.