# RFC Errata

#### RFC 7919, "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)", August 2016

Source of RFC: tls (sec)See Also: RFC 7919 w/ inline errata

Errata ID: 7579

**Status: Verified
Type: Technical
Publication Format(s) : TEXT**

Reported By: Tim Geiser

Date Reported: 2023-07-31

Verifier Name: Paul Wouters

Date Verified: 2024-03-21

Section Appendix A says:

The primes in these finite field groups are all safe primes; that is, a prime p is a safe prime when q = (p-1)/2 is also prime. Where e is the base of the natural logarithm and square brackets denote the floor operation, the groups that initially populate this registry are derived for a given bit length b by finding the lowest positive integer X that creates a safe prime p where: p = 2^b - 2^{b-64} + {[2^{b-130} e] + X } * 2^64 - 1

It should say:

The primes in these finite field groups are all safe primes; that is, a prime p is a safe prime when q = (p-1)/2 is also prime. Where e is the base of the natural logarithm and square brackets denote the floor operation, the groups that initially populate this registry are derived for a given bit length b by finding the lowest positive integer X that creates a safe prime p where: p = 2^b - 2^{b-64} + {[2^{b-130} * e] + X } * 2^64 - 1

Notes:

The multiplication sign ('*' in ASCII) is missing in the explanatory introduction of Appendix A that describes the equation used for deriving the primes. It is correct in all five concrete derivations A.1 through A.5