RFC Errata
RFC 7919, "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)", August 2016
Source of RFC: tls (sec)See Also: RFC 7919 w/ inline errata
Errata ID: 7579
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Tim Geiser
Date Reported: 2023-07-31
Verifier Name: Paul Wouters
Date Verified: 2024-03-21
Section Appendix A says:
The primes in these finite field groups are all safe primes; that is, a prime p is a safe prime when q = (p-1)/2 is also prime. Where e is the base of the natural logarithm and square brackets denote the floor operation, the groups that initially populate this registry are derived for a given bit length b by finding the lowest positive integer X that creates a safe prime p where: p = 2^b - 2^{b-64} + {[2^{b-130} e] + X } * 2^64 - 1
It should say:
The primes in these finite field groups are all safe primes; that is, a prime p is a safe prime when q = (p-1)/2 is also prime. Where e is the base of the natural logarithm and square brackets denote the floor operation, the groups that initially populate this registry are derived for a given bit length b by finding the lowest positive integer X that creates a safe prime p where: p = 2^b - 2^{b-64} + {[2^{b-130} * e] + X } * 2^64 - 1
Notes:
The multiplication sign ('*' in ASCII) is missing in the explanatory introduction of Appendix A that describes the equation used for deriving the primes. It is correct in all five concrete derivations A.1 through A.5