RFC Errata



Found 4 records.

Status: Reported (4)

RFC 4758, "Cryptographic Token Key Initialization Protocol (CT-KIP) Version 1.0 Revision 1", November 2006

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 5628
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Conrad Meyer
Date Reported: 2019-02-09

Section 3.5 says:

K_TOKEN = CT-KIP-PRF (R_C, "Key generation" || k || R_S, dsLen)

It should say:

K_TOKEN = CT-KIP-PRF (R_C, k || "Key generation" || R_S, dsLen)

Notes:

Here the RFC is simply incorrect w.r.t. the reference implementation (RSA's proprietary software).

The corrected text matches the reference implementation.

There are several more errata along these lines. With (all) the corrections, it becomes possible to implement 3rd party RFC4758 clients and servers that interact correctly with RSA clients and servers from the RFC text.

Errata ID: 5629
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Conrad Meyer
Date Reported: 2019-02-09

Section 3.8.6 says:

MAC = CT-KIP-PRF (K_AUTH, "MAC 2 computation" || R_C, dsLen)

It should say:

MAC = CT-KIP-PRF (K_AUTH, "MAC 2 Computation" || R_C, dsLen)

Notes:

Note the capitalization of the "C" in "Computation."

Here the RFC is simply incorrect w.r.t. the reference implementation (RSA's proprietary software); the corrected text matches the reference implementation.

Errata ID: 5630
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Conrad Meyer
Date Reported: 2019-02-09

Section D.2.2 says:

F (k, s, i) = OMAC1-AES (k, INT (i) || s)

It should say:

F (k, s, i) = OMAC1-AES (k, s || INT (i))

Notes:

The corrected text matches the (only) reference implementation; the RFC text does not.

Errata ID: 5631
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Conrad Meyer
Date Reported: 2019-02-09

Section D.2.1 says:

For tokens supporting this realization of CT-KIP-PRF, the following
URI may be used to identify this algorithm in CT-KIP:

http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/
ct-kip#ct-kip-prf-aes


It should say:

For tokens supporting this realization of CT-KIP-PRF, either of
the following URIs may be used to identify this algorithm in CT-KIP:

http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/
ct-kip#ct-kip-prf-aes

http://www.rsasecurity.com/rsalabs/otps/schemas/2005/11/
ct-kip#ct-kip-prf-aes

Notes:

It seems some versions of the reference implementation use the 2005/11 date and some the 2005/12 one. Both refer to the same PRF construction.
