# RFC Errata

Found 5 records.

## Status: Verified (2)

### RFC 2631, "Diffie-Hellman Key Agreement Method", June 1999

Source of RFC: smime (sec)
Errata ID: 2506

**Status: Verified
Type: Technical
Publication Format(s) : TEXT**

Reported By: Yves Legrandgerard

Date Reported: 2010-09-01

Verifier Name: Sean Turner

Date Verified: 2012-01-06

Section 2.2.1.1 says:

6. For i = 0 to m' - 1 U = U + (SHA1[SEED + i] XOR SHA1[(SEED + m' + i)) * 2^(160 * i) Note that for m=160, this reduces to the algorithm of [FIPS-186] U = SHA1[SEED] XOR SHA1[(SEED+1) mod 2^160 ].

It should say:

6. For i = 0 to m' - 1 U = U + [SHA1(seed + i) Xor SHA1((seed + m' +i ) mod 2^{seedlen})] * 2^{160 * i} Note that for m=160, this reduces to the algorithm of [FIPS-186] U = [SHA1(seed) Xor SHA1((seed +1) mod 2^{seedlen})], where seedlen is the binary length of seed.

Notes:

The line:

U = U + (SHA1[SEED + i] XOR SHA1[(SEED + m' + i)) * 2^(160 * i)

is syntactically incorrect. Closing bracket of last 'SHA1[' is missing.

Moreover, when m=160 (m'=1), the loop cannot reduce to the line:

U = SHA1[SEED] XOR SHA1[(SEED + 1) mod 2^160]

as it can be easily seen.

Errata ID: 5480

**Status: Verified
Type: Technical
Publication Format(s) : TEXT**

Reported By: Charlie Zhuo

Date Reported: 2018-08-27

Verifier Name: Benjamin Kaduk

Date Verified: 2018-08-28

Section 2.1.1 says:

h is any integer with 1 < h < p-1 such that h{(p-1)/q} mod p > 1 (g has order q mod p; i.e. g^q mod p = 1 if g!=1)

It should say:

h is any integer with 1 < h < p-1 such that h^{(p-1)/q} mod p > 1 (g has order q mod p; i.e. g^q mod p = 1 if g!=1)

Notes:

The explanation of h omitted the exponentiation operator in the inline formula.

## Status: Reported (1)

### RFC 2631, "Diffie-Hellman Key Agreement Method", June 1999

Source of RFC: smime (sec)
Errata ID: 5897

**Status: Reported
Type: Technical
Publication Format(s) : TEXT**

Reported By: Russ Housley

Date Reported: 2019-11-07

Section 2.1.2 says:

KeySpecificInfo ::= SEQUENCE { algorithm OBJECT IDENTIFIER, counter OCTET STRING SIZE (4..4) }

It should say:

KeySpecificInfo ::= SEQUENCE { algorithm OBJECT IDENTIFIER, counter OCTET STRING (SIZE (4..4)) }

Notes:

The addition of '(' and ')' are needed for an ASN.1 compiler to accept the syntax without raising an error.

## Status: Held for Document Update (2)

### RFC 2631, "Diffie-Hellman Key Agreement Method", June 1999

Source of RFC: smime (sec)
Errata ID: 5954

**Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT**

Reported By: Paul Janson

Date Reported: 2020-01-02

Held for Document Update by: Benjamin Kaduk

Date Held: 2020-01-13

Section 2.1.5. says:

1. Verify that y lies within the interval [2,p-1]. If it does not, the key is invalid. 2. Compute y^q mod p. If the result == 1, the key is valid. Otherwise the key is invalid.

It should say:

1. Verify that y lies within the interval [2,p-1]. If it does not, the key is invalid. 2. Compute y^q mod p. If the result == 1, the key is valid. Otherwise the key is invalid. 3. Verify that y does not match g.

Notes:

Validating that (g == received y) needs to be an additional exclusion to the valid range [2,p-1]. If party 'a' accepts received public key 'yb' matching 'g', then ZZ matches public key 'ya'. i.e. if yb = 2, then xb = 1, therefore ZZ = ya^1 = ya

Errata ID: 1060

**Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT**

Reported By: Javier Ader

Date Reported: 2007-09-13

Held for Document Update by: Tim Polk

This reference is cited in Section 1, but does not appear in the References section. It should be added: [DH76] W. Diffie and M. E. Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, vol. IT-22, Nov. 1976, pp: 644-654.