RFC 9180, "Hybrid Public Key Encryption", February 2022Source of RFC: IRTF
Errata ID: 7251
Publication Format(s) : HTML
Reported By: Stephen Farrell
Date Reported: 2022-11-15
Section 7.2.1 says:
The RECOMMENDED limit for these values is 64 bytes.
It should say:
The RECOMMENDED limit for these values is 66 bytes. (To enable processing of all the test vectors in Appendix A.)
Appendix A.6.1 and others have test vectors with an IKM that is 66 octets long. Seems easier to bump the recommended value by 2, rather than invalidate the test vectors, but the latter could also be done if/when 9180 is revised. Meanwhile, no harm for implementers to know this.