RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 5054, "Using the Secure Remote Password (SRP) Protocol for TLS Authentication", November 2007

Note: This RFC has been updated by RFC 8996

Source of RFC: tls (sec)
See Also: RFC 5054 w/ inline errata

Errata ID: 4546
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Rick van Rein
Date Reported: 2015-11-30
Verifier Name: Paul Wouters
Date Verified: 2024-01-16

Section 2.6 says:

B = k*v + g^b % N

It should say:

B = ( k*v + g^b ) % N


The customary binding is that + has lower priority than % and so the default reading of the expression would be
B = k*v + ( g^b % N )
That is inconsistent with the existence of PAD(B) and the size of B in the test vectors, so the context hints at proper brackets, but this may still lead to implementation errors (of which I actually ran into an example).

Paul Wouters (AD): This errata is correct, but note that this RFC is applicable only for TLS < 1.3. For TLS 1.3, one needs to use a PAKE as replacement, such as those defined in RFC8492. As such, this errata is left as Verified as there won't be a document update for this document.

Report New Errata

Advanced Search