RFC Errata
RFC 6347, "Datagram Transport Layer Security Version 1.2", January 2012
Note: This RFC has been obsoleted by RFC 9147
Note: This RFC has been updated by RFC 7507, RFC 7905, RFC 8996, RFC 9146
Source of RFC: tls (sec)
Errata ID: 4105
Status: Reported
Type: Editorial
Publication Format(s) : TEXT
Reported By: Manuel Pégourié-Gonnard
Date Reported: 2014-09-08
Section 4.1.2.1 says:
In DTLS, the receiving implementation MAY simply discard the offending record and continue with the connection. This change is possible because DTLS records are not dependent on each other in the way that TLS records are. In general, DTLS implementations SHOULD silently discard records with bad MACs or that are otherwise invalid. They MAY log an error. If a DTLS implementation chooses to generate an alert when it receives a message with an invalid MAC, it MUST generate a bad_record_mac alert with level fatal and terminate its connection state. Note that because errors do not cause connection termination, DTLS stacks are more efficient error type oracles than TLS stacks. Thus, it is especially important that the advice in Section 6.2.3.2 of [TLS12] be
It should say:
See section 4.1.2.7. [And merge the last two sentences above in section 4.1.2.7.]
Notes:
Some text is duplicated between 4.1.2.1 and 4.1.2.7, which my cause confusion or give rise to diverging updates in future revisions of this document.