RFC 5216, "The EAP-TLS Authentication Protocol", March 2008

Errata ID: 6357
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Benjamin Kaduk
Date Reported: 2020-12-16
Verifier Name: Roman Danyliw
Date Verified: 2022-01-19

Section 5.1 says:

   [3] Section 5 of BCP 86 [RFC3766] offers advice on the required RSA
   or Diffie-Hellman (DH) module and Digital Signature Algorithm (DSA)
   subgroup size in bits, for a given level of attack resistance in
   bits.  For example, a 2048-bit RSA key is recommended to provide
   128-bit equivalent key strength.  The National Institute of Standards
   and Technology (NIST) also offers advice on appropriate key sizes in
   [SP800-57].

It should say:

   [3] Section 5 of BCP 86 [RFC3766] offers advice on the required RSA
   or Diffie-Hellman (DH) modulus and Digital Signature Algorithm (DSA)
   subgroup size in bits, for a given level of attack resistance in
   bits.  For example, a 2048-bit RSA key is recommended to provide
   128-bit equivalent key strength.  The National Institute of Standards
   and Technology (NIST) also offers advice on appropriate key sizes in
   [SP800-57].

Notes:

RSA and DH computations are parameterized by their moduli, with singular "modulus" (not "module").

Report New Errata