RFC Errata
RFC 9180, "Hybrid Public Key Encryption", February 2022
Source of RFC: IRTF
Errata ID: 7251
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Stephen Farrell
Date Reported: 2022-11-15
Held for Document Update by: Nick Sullivan
Date Held: 2025-01-18
Section 7.2.1 says:
The RECOMMENDED limit for these values is 64 bytes.
It should say:
The RECOMMENDED limit for these values is 66 bytes. (To enable processing of all the test vectors in Appendix A.)
Notes:
Appendix A.6.1 and others have test vectors with an IKM that is 66 octets long. Seems easier to bump the recommended value by 2, rather than invalidate the test vectors, but the latter could also be done if/when 9180 is revised. Meanwhile, no harm for implementers to know this.
Hold for document update. Errata 7251 recommends adjusting IKM size from 64 to 66 bytes to match HPKE test vectors, ensuring sample accuracy. This is a consistency fix rather than functional change, suitable for document revision. - CFRG Chair