RFC Errata
Found 6 records.
Status: Held for Document Update (5)
RFC 3711, "The Secure Real-time Transport Protocol (SRTP)", March 2004
Note: This RFC has been updated by RFC 5506, RFC 6904, RFC 9335
Source of RFC: avt (rai)
Errata ID: 3420
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Matthias Schertler
Date Reported: 2012-11-28
Held for Document Update by: Gonzalo Camarillo
Section 3.1. says:
The "Encrypted Portion" of an SRTP packet consists of the encryption of the RTP payload (including RTP padding when present) of the equivalent RTP packet.
It should say:
The "Encrypted Portion" of an SRTP packet consists of the encryption of the RTP payload (including RTP padding and RTP pad count when present) of the equivalent RTP packet.
Notes:
In Figure 1 "RTP padding" and "RTP pad count" are different things. The text should use the same terminology in order to make clear that the padding count is encrypted.
Errata ID: 3712
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Christian S Oien
Date Reported: 2013-08-27
Held for Document Update by: Richard Barnes
Date Held: 2014-02-15
Section 4.3.2 says:
Replace the SRTP index by the 32-bit quantity: 0 || SRTCP index (i.e., excluding the E-bit, replacing it with a fixed 0-bit), and use <label> = 0x03 for the SRTCP encryption key, <label> = 0x04 for the SRTCP authentication key, and, <label> = 0x05 for the SRTCP salting key.
It should say:
Replace the SRTP index by the 48-bit quantity: 000...0 || 0 || SRTCP index (i.e., excluding the E-bit, replacing it with a fixed 0-bit and padding the result so that it becomes 48 bits wide to match the size of the SRTP index). Since this quantity and the SRTP index are both 48 bits wide, the labels are all located in the same octet in the IV. The labels for the derivations of the SRTCP keys are as follows: <label> = 0x03 for the SRTCP encryption key, <label> = 0x04 for the SRTCP authentication key, and, <label> = 0x05 for the SRTCP salting key.
Notes:
Replacing with a 32-bit quantity means that the DIV operator will
yield a 32-bit quantity. Following the specification of key_id for SRTCP
the <label> will have 32 bits to its right when XOR'ing with master_salt.
The majority of implementations, including libsrtp, invoke this XOR with the
<label> at the same position as for SRTP. According to the specification
this should be done 16 bits to the right of this, when invoking for SRTCP.
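Added example (not part of the erratum, RFC 3711 or libsrtp; the function names and the sample salt are constructed for illustration): it builds the PRF input x = (<label> || r) XOR master_salt for the three SRTCP labels, once with r 48 bits wide as in the corrected text and once with r 32 bits wide as in a literal reading of the original, and reports which octet of the 112-bit salt the label lands on.

```python
# Label placement in the SRTCP key-derivation PRF input
# (RFC 3711 sections 4.3.1 and 4.3.2, erratum 3712). Illustrative only.

SALT_LEN = 14  # 112-bit master salt of the default key derivation function
SRTCP_LABELS = {"encryption": 0x03, "authentication": 0x04, "salting": 0x05}


def kdf_index(srtcp_word: int) -> int:
    """Clear the E-bit of the 32-bit 'E || SRTCP index' word (fixed 0-bit)."""
    return srtcp_word & 0x7FFFFFFF


def prf_input(master_salt: bytes, label: int, index: int,
              kdr: int, r_bits: int) -> bytes:
    """Return x = (label || r) XOR master_salt, right-aligned, as 14 octets.

    r_bits is the width of r = index DIV kdr: 48 per the corrected text,
    32 under a literal reading of the original text.
    """
    if len(master_salt) != SALT_LEN:
        raise ValueError("master salt must be 112 bits")
    if not 0 <= label <= 0xFF:
        raise ValueError("label is a single octet")
    r = 0 if kdr == 0 else index // kdr      # DIV yields 0 when kdr is 0
    if r >> r_bits:
        raise ValueError("r does not fit in r_bits")
    key_id = (label << r_bits) | r           # <label> || r
    x = key_id ^ int.from_bytes(master_salt, "big")
    return x.to_bytes(SALT_LEN, "big")


def changed_octets(master_salt: bytes, x: bytes) -> list[int]:
    """Offsets (from the left) where x differs from the master salt."""
    return [i for i, (a, b) in enumerate(zip(master_salt, x)) if a != b]


if __name__ == "__main__":
    salt = bytes(range(0xA0, 0xA0 + SALT_LEN))   # constructed sample salt
    idx = kdf_index(0x80000000)                  # E-bit set, SRTCP index 0
    for name, label in SRTCP_LABELS.items():
        wide = prf_input(salt, label, idx, 0, 48)
        narrow = prf_input(salt, label, idx, 0, 32)
        print(f"{name:15} 48-bit r: {wide.hex()} octet {changed_octets(salt, wide)}")
        print(f"{'':15} 32-bit r: {narrow.hex()} octet {changed_octets(salt, narrow)}")
```

With the 48-bit width the label changes octet 7 of the salt, the same position as for SRTP; with the 32-bit width it changes octet 9, 16 bits further right. Two endpoints that disagree on the width therefore feed different inputs to the PRF and derive different SRTCP session keys.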
Errata ID: 1958
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Jaap Keuter
Date Reported: 2009-12-10
Held for Document Update by: Robert Sparks
Section 1 says:
This document describes the Secure Real-time Transport Protocol (SRTP), a profile of the Real-time Transport Protocol (RTP), which can provide confidentiality, message authentication, and replay protection to the RTP traffic and to the control traffic for RTP, RTCP (the Real-time Transport Control Protocol) [RFC3350].
It should say:
This document describes the Secure Real-time Transport Protocol (SRTP), a profile of the Real-time Transport Protocol (RTP), which can provide confidentiality, message authentication, and replay protection to the RTP traffic and to the control traffic for RTP, RTCP (the Real-time Transport Control Protocol) [RFC3550].
Notes:
Reference is made to the RFC pertaining to RTP, which is 3550, not 3350.
Errata ID: 4425
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Ross Finlayson
Date Reported: 2015-07-22
Held for Document Update by: Ben Campbell
Date Held: 2016-04-13
Section 3.4 says:
  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+
 |V=2|P|    RC   |   PT=SR or RR   |             length          | |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
It should say:
  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+
 |V=2|P|    RC   |  PT=SR or RR  |             length            | |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
Notes:
The boundary between the "PT=SR or RR" and the "length" fields is wrong: The boundary is shown as being between bits 16 and 17; it should be between bits 15 and 16. I.e., the "PT=SR or RR" field should be 8 bits long, not 9.
This is just a minor bug, because the equivalent diagram in RFC 3550 (the normative reference for RTCP) is correct. Nonetheless, this bug should probably be added to the errata for RFC 3711.
Errata ID: 4514
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Bernhard Kirchen
Date Reported: 2015-10-29
Held for Document Update by: Ben Campbell
Date Held: 2015-10-30
Section 3.1 says:
The format of an SRTP packet is illustrated in Figure 1.
    0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+
It should say:
The format of an SRTP packet is illustrated in Figure 1.
  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+
Notes:
The bit index second decimal digit is shifted by two characters. These digits should align with the zeros in the second line.
Status: Rejected (1)
Errata ID: 7606
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: David Satterlee
Date Reported: 2023-08-17
Rejected by: Francesca Palombini
Date Rejected: 2023-11-07
Section B.3 says:
This section provides test data for the default key derivation function, which uses AES-128 in Counter Mode. In the following, we walk through the initial key derivation for the AES-128 Counter Mode cipher, which requires a 16 octet session encryption key and a 14 octet session salt, and an authentication function which requires a 94-octet session authentication key.
(...)
Below, the auth key is shown on the left, while the corresponding AES input blocks are shown on the right.
auth key                          AES input blocks
CEBE321F6FF7716B6FD4AB49AF256A15  0EC675AD498AFEEAB6960B3AABE60000
6D38BAA48F0A0ACF3C34E2359E6CDBCE  0EC675AD498AFEEAB6960B3AABE60001
E049646C43D9327AD175578EF7227098  0EC675AD498AFEEAB6960B3AABE60002
6371C10C9A369AC2F94A8C5FBCDDDC25  0EC675AD498AFEEAB6960B3AABE60003
6D6E919A48B610EF17C2041E47403576  0EC675AD498AFEEAB6960B3AABE60004
6B68642C59BBFC2F34DB60DBDFB2      0EC675AD498AFEEAB6960B3AABE60005
It should say:
This section provides test data for the default key derivation function, which uses AES-128 in Counter Mode. In the following, we walk through the initial key derivation for the AES-128 Counter Mode cipher, which requires a 16 octet session encryption key and a 14 octet session salt, and an authentication function which requires a 20-octet session authentication key.
(...)
Below, the auth key is shown on the left, while the corresponding AES input blocks are shown on the right.
auth key blocks                   AES input blocks
CEBE321F6FF7716B6FD4AB49AF256A15  0EC675AD498AFEEAB6960B3AABE60000
6D38BAA4                          0EC675AD498AFEEAB6960B3AABE60001
auth key: CEBE321F6FF7716B6FD4AB49AF256A156D38BAA4
Notes:
The RFC specifies a 160-bit, 20-octet session authentication key throughout (Section 5.2, Section 8.2, Section 9.2 and Section 9.5), but the vectors and derivation in Section B.3 specify the need for a 94-octet session key, and include test vectors as such.
--VERIFIER NOTES--
This test vector does not contradict any other section. It explicitly says that it is a test vector for "an authentication function which requires a 94-octet session authentication key".
In rejecting this Errata report I note that the reported text is not an error, but a deliberate decision of the authors and working group.