RFC Errata
RFC 3961, "Encryption and Checksum Specifications for Kerberos 5", February 2005
Note: This RFC has been updated by RFC 8429
Source of RFC: krb-wg (sec)
Errata ID: 5522
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Wrong required required checksum mechanism for des-cbc-crc
Date Reported: 2018-10-12
Rejected by: Benjamin Kaduk
Date Rejected: 2018-10-15
Section 6.2.3 says:
des-cbc-crc -------------------------------------------------------------------- protocol key format 8 bytes, parity in low bit of each specific key structure copy of original key required checksum rsa-md5-des mechanism
It should say:
des-cbc-crc -------------------------------------------------------------------- protocol key format 8 bytes, parity in low bit of each specific key structure copy of original key required checksum CRC32 mechanism
Notes:
des-cbc-crc is using the modified crc32 checksum, its required checksum should be CRC32, constant defined in section 8
--VERIFIER NOTES--
Rejected per submitter request; the required Checksum is a distinct operation, not a subset of the encryption operation.