RFC Errata



Found 2 records.

Status: Reported (1)

RFC 5084, "Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS)", November 2007

Source of RFC: smime (sec)

Errata ID: 4774

Status: Reported
Type: Technical

Reported By: QUAN NGUYEN
Date Reported: 2016-08-11

Section 3.2 says:

aes-ICVlen       AES-GCM-ICVlen DEFAULT 12

A length of 12 octets is RECOMMENDED.

It should say:

aes-ICVlen       AES-GCM-ICVlen DEFAULT 16

A length of 16 octets is RECOMMENDED.

Notes:

Many JCE providers, including OpenJDK, BouncyCastle and Conscrypt, have a bug that uses a 12-byte authentication tag (aes-ICVlen) as the default if the code path [1] uses CMS. According to Ferguson's attack (http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/CWC-GCM/Ferguson2.pdf), if a user encrypts a 2^32-block message, then a 12-byte authentication tag has only 96 - 32 = 64 bits of security, which is not good enough nowadays. Furthermore, once a forgery happens, authentication is leaked.

[1] In other code paths, all providers use a 16-byte authentication tag as the default.
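As an added illustration (not part of the erratum, the RFC, or any of the named providers), the following Python decodes the GCMParameters structure defined in RFC 5084 Section 3.2, applies the DEFAULT of 12 when aes-ICVlen is absent, and evaluates the resulting tag length against the 2^32-block bound cited above; the function names, the constructed sample encodings and the 96-bit policy threshold are assumptions.

```python
# Added example (not from the erratum or RFC 5084): decode RFC 5084 GCMParameters
# and evaluate aes-ICVlen against the message-length bound cited in the erratum.
#   GCMParameters ::= SEQUENCE { aes-nonce OCTET STRING,
#                                aes-ICVlen AES-GCM-ICVlen DEFAULT 12 }
#   AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16)
import math

DEFAULT_ICVLEN = 12       # the DEFAULT in RFC 5084 Section 3.2 as published
RECOMMENDED_ICVLEN = 16   # the value erratum 4774 proposes

def _read_tlv(data, pos):
    """Return (tag, value, next_pos) for one DER TLV; handles long-form lengths."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits give byte count
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def parse_gcm_parameters(der):
    """Decode GCMParameters; an absent aes-ICVlen means the DEFAULT value 12."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("GCMParameters must be a single SEQUENCE")
    tag, nonce, pos = _read_tlv(body, 0)
    if tag != 0x04:
        raise ValueError("aes-nonce must be an OCTET STRING")
    icvlen = DEFAULT_ICVLEN
    if pos < len(body):                     # optional aes-ICVlen INTEGER present
        tag, value, pos = _read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("aes-ICVlen must be an INTEGER")
        icvlen = int.from_bytes(value, "big")
    if pos != len(body) or icvlen not in (12, 13, 14, 15, 16):
        raise ValueError("invalid GCMParameters encoding")
    return nonce, icvlen

def forgery_security_bits(icvlen, max_blocks):
    """Bound as stated in the erratum: tag bits minus log2 of the message length in blocks."""
    return icvlen * 8 - math.ceil(math.log2(max_blocks))

def icvlen_acceptable(icvlen, max_blocks=2**32, min_bits=96):
    """Assumed policy: keep at least min_bits of forgery resistance for max_blocks-block messages."""
    return forgery_security_bits(icvlen, max_blocks) >= min_bits

# Constructed sample encodings: a 12-byte nonce 00..0b, first relying on the DEFAULT,
# then with aes-ICVlen explicitly set to 16.
NONCE = bytes(range(12))
PARAMS_DEFAULT = bytes([0x30, 0x0E, 0x04, 0x0C]) + NONCE
PARAMS_ICV16 = bytes([0x30, 0x11, 0x04, 0x0C]) + NONCE + bytes([0x02, 0x01, 0x10])
```

With the published DEFAULT, `PARAMS_DEFAULT` decodes to a 12-byte tag and 64 bits of forgery resistance for 2^32-block messages, while `PARAMS_ICV16` yields 96 bits, which is the difference the erratum is about.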

Status: Held for Document Update (1)

RFC 5084, "Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS)", November 2007

Source of RFC: smime (sec)

Errata ID: 4727

Status: Held for Document Update
Type: Editorial

Reported By: Peter Dettman
Date Reported: 2016-07-01
Held for Document Update by: Stephen Farrell
Date Held: 2016-07-01

Section 3.2 says:

   The AES-GCM authenticated encryption algorithm is described in [GCM].
   A brief summary of the properties of AES-CCM is provided in Section
   1.5.

It should say:

   The AES-GCM authenticated encryption algorithm is described in [GCM].
   A brief summary of the properties of AES-GCM is provided in Section
   1.5.

Notes:

Section 3.2 discusses AES-GCM, and links to Section 1.5 (titled "AES-GCM"), so the text "AES-CCM" in the second sentence should be "AES-GCM".
