RFC Errata



Found 6 records.

Status: Held for Document Update (5)

RFC 3711, "The Secure Real-time Transport Protocol (SRTP)", March 2004

Note: This RFC has been updated by RFC 5506, RFC 6904, RFC 9335

Source of RFC: avt (rai)

Errata ID: 3420
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT

Reported By: Matthias Schertler
Date Reported: 2012-11-28
Held for Document Update by: Gonzalo Camarillo

Section 3.1. says:

   The "Encrypted Portion" of an SRTP packet consists of the encryption
   of the RTP payload (including RTP padding when present) of the
   equivalent RTP packet.

It should say:

   The "Encrypted Portion" of an SRTP packet consists of the encryption
   of the RTP payload (including RTP padding and RTP pad count when present)
   of the equivalent RTP packet.  

Notes:

In Figure 1 "RTP padding" and "RTP pad count" are different things. The text should use the same terminology in order to make clear that the padding count is encrypted.

Errata ID: 3712
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT

Reported By: Christian S Oien
Date Reported: 2013-08-27
Held for Document Update by: Richard Barnes
Date Held: 2014-02-15

Section 4.3.2 says:

Replace the SRTP index by the 32-bit quantity: 0 || SRTCP index
 (i.e., excluding the E-bit, replacing it with a fixed 0-bit), and use
<label> = 0x03 for the SRTCP encryption key, <label> = 0x04 for the
SRTCP authentication key, and, <label> = 0x05 for the SRTCP salting
key.

It should say:

Replace the SRTP index by the 48-bit quantity: 000...0 || 0 || SRTCP
index (i.e., excluding the E-bit, replacing it with a fixed 0-bit and
padding the result so that it becomes 48 bits wide to match the size
of the SRTP index). Since this quantity and the SRTP index are both
48 bits wide, the labels are all located in the same octet in the IV.
The labels for the derivations of the SRTCP keys are as follows:   
<label> = 0x03 for the SRTCP encryption key, <label> = 0x04 for the 
SRTCP authentication key, and, <label> = 0x05 for the SRTCP salting 
key.

Notes:

Replacing with a 32-bit quantity means that the DIV operator will
yield a 32-bit quantity. Following the specification of key_id for SRTCP
the <label> will have 32 bits to its right when XOR'ing with master_salt.

The majority of implementations, including libsrtp, invoke this XOR with the
<label> at the same position as for SRTP. According to the specification
this should be done 16 bits to the right of this, when invoking for SRTCP.
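
The label position at issue in Errata 3712, as an added example (not part of the errata record or of RFC 3711): it computes only the PRF input x = key_id XOR master_salt for SRTCP, once with the 48-bit quantity from the corrected text and once with the literal 32-bit reading. The function names are hypothetical, and the sample salt is the master salt used in RFC 3711 Appendix B.3.

```python
# Added illustration for Errata 3712: where <label> lands in the PRF input.
# Only x = key_id XOR master_salt is computed; no AES is run here.

SALT_OCTETS = 14  # the master salt is 112 bits wide

# Sample master salt (value used in RFC 3711 Appendix B.3).
SAMPLE_SALT = bytes.fromhex("0EC675AD498AFEEAB6960B3AABE6")

LABEL_SRTCP_ENC, LABEL_SRTCP_AUTH, LABEL_SRTCP_SALT = 0x03, 0x04, 0x05


def srtcp_index(e_and_index: int) -> int:
    """Replace the E-bit of the 32-bit 'E || SRTCP index' word with 0."""
    return e_and_index & 0x7FFFFFFF


def prf_input(label: int, index: int, kdr: int, r_bits: int,
              master_salt: bytes = SAMPLE_SALT) -> bytes:
    """Return x = (label || r) XOR master_salt, r = index DIV kdr in r_bits."""
    if len(master_salt) != SALT_OCTETS:
        raise ValueError("master salt must be 14 octets")
    r = index // kdr if kdr else 0          # DIV by kdr = 0 is defined as 0
    if r >> r_bits:
        raise ValueError("r does not fit in r_bits")
    key_id = (label << r_bits) | r          # label sits directly left of r
    x = key_id ^ int.from_bytes(master_salt, "big")
    return x.to_bytes(SALT_OCTETS, "big")


def label_octet(r_bits: int) -> int:
    """0-based octet offset (from the left of x) that the label is XORed into."""
    return SALT_OCTETS - 1 - r_bits // 8


def compare(label: int, e_and_index: int, kdr: int = 0) -> dict:
    """PRF input under the corrected (48-bit) and literal (32-bit) readings."""
    idx = srtcp_index(e_and_index)
    return {
        "corrected_48bit": prf_input(label, idx, kdr, 48).hex().upper(),
        "literal_32bit": prf_input(label, idx, kdr, 32).hex().upper(),
    }


if __name__ == "__main__":
    for name, bits in (("48-bit r", 48), ("32-bit r", 32)):
        print(name, "-> label XORed into octet", label_octet(bits))
    print(compare(LABEL_SRTCP_ENC, 0x80000000))  # E-bit set, index 0
```

The two readings differ by two octets, which is the 16-bit shift the notes describe; endpoints that disagree on it derive different SRTCP session keys from the same master key and salt.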

Errata ID: 1958
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT

Reported By: Jaap Keuter
Date Reported: 2009-12-10
Held for Document Update by: Robert Sparks

Section 1 says:

   This document describes the Secure Real-time Transport Protocol
   (SRTP), a profile of the Real-time Transport Protocol (RTP), which
   can provide confidentiality, message authentication, and replay
   protection to the RTP traffic and to the control traffic for RTP,
   RTCP (the Real-time Transport Control Protocol) [RFC3350].

It should say:

   This document describes the Secure Real-time Transport Protocol
   (SRTP), a profile of the Real-time Transport Protocol (RTP), which
   can provide confidentiality, message authentication, and replay
   protection to the RTP traffic and to the control traffic for RTP,
   RTCP (the Real-time Transport Control Protocol) [RFC3550].

Notes:

Reference is made to the RFC pertaining to RTP, which is 3550, not 3350.

Errata ID: 4425
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT

Reported By: Ross Finlayson
Date Reported: 2015-07-22
Held for Document Update by: Ben Campbell
Date Held: 2016-04-13

Section 3.4 says:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+
     |V=2|P|    RC   |   PT=SR or RR   |             length          | |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |

It should say:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+
     |V=2|P|    RC   |   PT=SR or RR |             length          | |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |

Notes:

The boundary between the "PT=SR or RR" and the "length" fields is wrong: The boundary is shown as being between bits 16 and 17; it should be between bits 15 and 16. I.e., the "PT=SR or RR" field should be 8 bits long, not 9.

This is just a minor bug, because the equivalent diagram in RFC 3550 (the normative reference for RTCP) is correct. Nonetheless, this bug should probably be added to the errata for RFC 3711.

Errata ID: 4514
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT

Reported By: Bernhard Kirchen
Date Reported: 2015-10-29
Held for Document Update by: Ben Campbell
Date Held: 2015-10-30

Section 3.1 says:

The format of an SRTP packet is illustrated in Figure 1.

   0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+

It should say:

The format of an SRTP packet is illustrated in Figure 1.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+

Notes:

The bit index second decimal digit is shifted by two characters. These digits should align with the zeros in the second line.

Status: Rejected (1)

RFC 3711, "The Secure Real-time Transport Protocol (SRTP)", March 2004

Note: This RFC has been updated by RFC 5506, RFC 6904, RFC 9335

Source of RFC: avt (rai)

Errata ID: 7606
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: David Satterlee
Date Reported: 2023-08-17
Rejected by: Francesca Palombini
Date Rejected: 2023-11-07

Section B.3 says:

   This section provides test data for the default key derivation
   function, which uses AES-128 in Counter Mode.  In the following, we
   walk through the initial key derivation for the AES-128 Counter Mode
   cipher, which requires a 16 octet session encryption key and a 14
   octet session salt, and an authentication function which requires a
   94-octet session authentication key.

(...)

   Below, the auth key is shown on the left, while the corresponding AES
   input blocks are shown on the right.

   auth key                           AES input blocks
   CEBE321F6FF7716B6FD4AB49AF256A15   0EC675AD498AFEEAB6960B3AABE60000
   6D38BAA48F0A0ACF3C34E2359E6CDBCE   0EC675AD498AFEEAB6960B3AABE60001
   E049646C43D9327AD175578EF7227098   0EC675AD498AFEEAB6960B3AABE60002
   6371C10C9A369AC2F94A8C5FBCDDDC25   0EC675AD498AFEEAB6960B3AABE60003
   6D6E919A48B610EF17C2041E47403576   0EC675AD498AFEEAB6960B3AABE60004
   6B68642C59BBFC2F34DB60DBDFB2       0EC675AD498AFEEAB6960B3AABE60005

It should say:

   This section provides test data for the default key derivation
   function, which uses AES-128 in Counter Mode.  In the following, we
   walk through the initial key derivation for the AES-128 Counter Mode
   cipher, which requires a 16 octet session encryption key and a 14
   octet session salt, and an authentication function which requires a
   20-octet session authentication key.

(...)

   Below, the auth key is shown on the left, while the corresponding AES
   input blocks are shown on the right.

   auth key blocks                    AES input blocks
   CEBE321F6FF7716B6FD4AB49AF256A15   0EC675AD498AFEEAB6960B3AABE60000
   6D38BAA4                           0EC675AD498AFEEAB6960B3AABE60001
 
   auth key: CEBE321F6FF7716B6FD4AB49AF256A156D38BAA4

Notes:

The RFC specifies a 160-bit, 20-octet session authentication key throughout (Section 5.2, Section 8.2, Section 9.2 and Section 9.5), but the vectors and derivation in Section B.3 specify the need for a 94-octet session key, and include test vectors as such.
--VERIFIER NOTES--
This test vector does not contradict any other section. It explicitly says that it is a test vector for "an authentication function which requires a 94-octet session authentication key".

In rejecting this Errata report I note that the reported text is not an error, but a deliberate decision of the authors and working group.
