RFC Errata
RFC 9147, "The Datagram Transport Layer Security (DTLS) Protocol Version 1.3", April 2022
Note: This RFC has been updated by RFC 9853
Source of RFC: tls (sec)
Errata ID: 8141
Status: Reported
Type: Technical
Publication Format(s): TEXT, PDF, HTML
Reported By: Nick Harper
Date Reported: 2024-10-15
Section 4 says:
This 128-bit value is used in the ACK message as well as in the "record_sequence_number" input to the Authenticated Encryption with Associated Data (AEAD) function.
It should say:
This 128-bit value is used in the ACK message.
Notes:
The end of this paragraph contradicts this by saying "In DTLS 1.3 the 64-bit sequence_number is used as the sequence number for the AEAD computation". If the 128-bit value was used as the "record sequence number" as described in RFC 8446 section 5.3, it appears that would require the AEAD to have an N_MAX of at least 16 bytes to fit all of the 128 bits, and none of the TLS 1.3 AEADs have an N_MAX that big. Thus, I assume the end of the paragraph is correct and the opening is incorrect.
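
Added example (not part of the erratum report or of either RFC): the per-record nonce construction of RFC 8446 section 5.3 in Python, showing that a 64-bit sequence number fits the nonce while the 128-bit epoch-plus-sequence value does not. The function names and the sample IV are constructed for illustration; the 12-byte iv_length is an assumption that holds for the AEADs used by the TLS 1.3 cipher suites.

```python
# Added illustration; names and sample values are constructed, not from the RFCs.

IV_LENGTH = 12  # assumption: iv_length of the TLS 1.3 cipher-suite AEADs (12 bytes)
SAMPLE_WRITE_IV = bytes(range(IV_LENGTH))  # constructed sample, not a real key schedule output


def record_number_128(epoch: int, sequence_number: int) -> int:
    """128-bit record number as carried in ACK: 64-bit epoch, then 64-bit sequence_number."""
    if not (0 <= epoch < 1 << 64 and 0 <= sequence_number < 1 << 64):
        raise ValueError("epoch and sequence_number are 64-bit values")
    return (epoch << 64) | sequence_number


def per_record_nonce(write_iv: bytes, record_seq: int, seq_bits: int = 64) -> bytes:
    """RFC 8446 section 5.3: left-pad the sequence number to iv_length, XOR with write_iv."""
    if len(write_iv) != IV_LENGTH:
        raise ValueError("write_iv must be iv_length bytes")
    seq_len = seq_bits // 8
    if seq_len > IV_LENGTH:
        # A 16-byte value cannot be padded *up* to a 12-byte nonce.
        raise ValueError(f"{seq_bits}-bit value does not fit a {IV_LENGTH}-byte nonce")
    if not 0 <= record_seq < 1 << seq_bits:
        raise ValueError("sequence number out of range")
    padded = record_seq.to_bytes(seq_len, "big").rjust(IV_LENGTH, b"\x00")
    return bytes(a ^ b for a, b in zip(write_iv, padded))


if __name__ == "__main__":
    # 64-bit sequence_number: fits, as the end of the Section 4 paragraph describes.
    print(per_record_nonce(SAMPLE_WRITE_IV, 1).hex())
    # 128-bit epoch||sequence_number: rejected, it is wider than the nonce.
    try:
        per_record_nonce(SAMPLE_WRITE_IV, record_number_128(3, 1), seq_bits=128)
    except ValueError as exc:
        print("rejected:", exc)
```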
