RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 8391, "XMSS: eXtended Merkle Signature Scheme", May 2018

Source of RFC: IRTF

Errata ID: 6821
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Peter Gordon
Date Reported: 2022-01-24

Section 3.1.5 says:

"Note that the checksum may reach a maximum integer value of len_1 * (w - 1) * 2^8"

It should say:

"Note that the checksum may reach a maximum integer value of len_1 * (w - 1)"

Notes:

The "* 2^8" appears to be a mistake. If the checksum integers could reach those values, the checksum field would overflow, which would potentially allow an attacker to forge a message.

In reality, the correct maximum is just "len_1 * (w - 1)"

Report New Errata



Advanced Search