RFC Errata
Found 3 records.
Status: Verified (1)
RFC 5054, "Using the Secure Remote Password (SRP) Protocol for TLS Authentication", November 2007
Source of RFC: tls (sec)
Errata ID: 7538
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Mingye Wang
Date Reported: 2023-06-07
Verifier Name: Paul Wouters
Date Verified: 2023-10-11
Section 2.1 says:
The version of SRP used here is sometimes referred to as "SRP-6" [SRP-6].
It should say:
The version of SRP used here is sometimes referred to as "SRP-6a" [SRP-6a].
[SRP-6a]: Wu, T., "SRP Protocol Design", circa 2005, http://srp.stanford.edu/design.html
Notes:
The protocol described uses a non-constant k, which is an innovation of SRP-6a -- never published formally in a technical report (until this RFC) and dating to ~2005 if we go by the libsrp version history. Actual [SRP-6] of 2002 uses a constant k = 3.
Reference to the [SRP-6] text is still valuable for rationale, but is not accurate. Confusion between these two versions is harmful and may impede interoperability.
Status: Reported (1)
RFC 5054, "Using the Secure Remote Password (SRP) Protocol for TLS Authentication", November 2007
Source of RFC: tls (sec)
Errata ID: 4546
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Rick van Rein
Date Reported: 2015-11-30
Section 2.6 says:
B = k*v + g^b % N
It should say:
B = ( k*v + g^b ) % N
Notes:
The customary binding is that + has lower priority than % and so the default reading of the expression would be
B = k*v + ( g^b % N )
That is inconsistent with the existence of PAD(B) and the size of B in the test vectors, so the context hints at proper brackets, but this may still lead to implementation errors (of which I actually ran into an example).
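Added example (not part of the errata records or of RFC 5054): a Python sketch that makes errata 7538 and 4546 concrete by computing B with the SRP-6a and SRP-6 multipliers and under both readings of the Section 2.6 formula. The group (N = 2^127 - 1, g = 5), the secrets x and b, and all function names are constructed for illustration; k = SHA1(N | PAD(g)) is the definition from RFC 5054 Section 2.6.

```python
import hashlib

# Constructed toy parameters: NOT one of the RFC 5054 groups and far too
# small for real use; chosen only so the numbers stay readable.
N = 2**127 - 1                       # a known prime
g = 5
N_LEN = (N.bit_length() + 7) // 8    # byte length of N, the PAD() width

def pad(n: int) -> bytes:
    """PAD(): left-pad with zeros to the byte length of N (raises if n does not fit)."""
    return n.to_bytes(N_LEN, "big")

def k_srp6a() -> int:
    """SRP-6a multiplier as RFC 5054 Section 2.6 defines it: k = SHA1(N | PAD(g))."""
    return int.from_bytes(hashlib.sha1(pad(N) + pad(g)).digest(), "big")

K_SRP6 = 3                           # constant multiplier of the 2002 SRP-6

def server_B(k: int, v: int, b: int) -> int:
    """Corrected reading from erratum 4546: B = (k*v + g^b) % N."""
    return (k * v + pow(g, b, N)) % N

def server_B_misread(k: int, v: int, b: int) -> int:
    """Precedence-based misreading: B = k*v + (g^b % N), never reduced mod N."""
    return k * v + pow(g, b, N)

def fits_pad(B: int) -> bool:
    """True when B can be encoded by PAD(), i.e. 0 <= B < 256**N_LEN."""
    return 0 <= B < 256 ** N_LEN

# Constructed sample secrets (hypothetical values, for illustration only).
x = 0x1234567890ABCDEF1234567890ABCDEF   # stands in for the private key x
b = 0x0FEDCBA987654321FEDCBA9876543210   # server ephemeral private value
v = pow(g, x, N)                         # password verifier

if __name__ == "__main__":
    k = k_srp6a()
    good, bad = server_B(k, v, b), server_B_misread(k, v, b)
    print("k (SRP-6a):", hex(k), " k (SRP-6):", K_SRP6)
    print("B reduced :", hex(good), "fits PAD:", fits_pad(good))
    print("B misread :", hex(bad), "fits PAD:", fits_pad(bad))
    print("B with k=3:", hex(server_B(K_SRP6, v, b)))
```

An implementation can catch either mistake early by checking that every B it emits or receives fits the PAD() width and by running the RFC 5054 test vectors against its own k.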
Status: Held for Document Update (1)
RFC 5054, "Using the Secure Remote Password (SRP) Protocol for TLS Authentication", November 2007
Source of RFC: tls (sec)
Errata ID: 3570
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Nico Roeser
Date Reported: 2013-03-27
Held for Document Update by: Sean Turner
Section 2.5.1.3 says:
2.5.1.3. Unknown SRP User Name
It should say:
2.5.1.3. Unknown SRP User Name
Notes:
Too many spaces in the heading.