RFC Errata
Found 4 records.
Status: Verified (2)
RFC 8422, "Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier", August 2018
Note: This RFC has been updated by RFC 8996
Source of RFC: tls (sec)
Errata ID: 5703
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Frank Theinen
Date Reported: 2019-04-23
Verifier Name: Benjamin Kaduk
Date Verified: 2019-05-01
Section 5.10. says:
All RSA signatures must be generated and verified according to Section 7.2 of [RFC8017].
It should say:
All RSA signatures must be generated and verified according to Section 8.2 of [RFC8017].
Notes:
Section 7.2 of RFC 8017 describes the RSAES-PKCS1-v1_5 encryption scheme. Section 8.2 of RFC 8017 describes the RSASSA-PKCS1-v1_5 signature scheme. The original text contradicts the natural expectation and is probably wrong. If it was intended, there should have been a thorough explanation (like in the well-known case of IKEv1 using the encryption scheme for signing).
Errata ID: 6002
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Rich Salz
Date Reported: 2020-03-02
Verifier Name: Benjamin Kaduk
Date Verified: 2020-03-05
Section 9 says:
IANA has assigned two values in the "TLS SignatureAlgorithm" registry for ed25519 (7) and ed448 (8) with this document as reference. This keeps compatibility with TLS 1.3.
It should say:
IANA has assigned two values in the "TLS SignatureAlgorithm" registry for ed25519 (7) and ed448 (8) with DTLS-OK set to "Y" and this document as reference. This keeps compatibility with TLS 1.3.
Notes:
IANA had consulted with Yoav, one of the authors (and a TLS registry expert), who explicitly told them to use DTLS-OK of "Y", but this clarification was not reflected in the final RFC. This also matches the text in the subsequent paragraph.
Status: Held for Document Update (2)
RFC 8422, "Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier", August 2018
Note: This RFC has been updated by RFC 8996
Source of RFC: tls (sec)
Errata ID: 5466
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Masato Gosui
Date Reported: 2018-08-17
Held for Document Update by: Benjamin Kaduk
Date Held: 2018-08-17
Section 5.3 says:
Actions of the sender: The server constructs an appropriate certificate chain and conveys it to the client in the Certificate message. If the client has used a Supported Elliptic Curves Extension, the public key in the server's certificate MUST respect the client's choice of elliptic curves. A server that cannot satisfy this requirement MUST NOT choose an ECC cipher suite in its ServerHello message.)
It should say:
Actions of the sender: The server constructs an appropriate certificate chain and conveys it to the client in the Certificate message. If the client has used a Supported Elliptic Curves Extension, the public key in the server's certificate MUST respect the client's choice of elliptic curves. A server that cannot satisfy this requirement MUST NOT choose an ECC cipher suite in its ServerHello message.
Notes:
This removes the spurious closing parenthesis of the last sentence of the "Actions of the sender" paragraph.
Errata ID: 5468
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Masato Gosui
Date Reported: 2018-08-17
Held for Document Update by: Paul Wouters
Date Held: 2024-01-17
Section 5.4 says:
namedCurve: Specifies a recommended set of elliptic curve domain
It should say:
namedcurve: Specifies a recommended set of elliptic curve domain
Notes:
This fixes mismatched names of the variable "namedcurve" in the "Structure of this message" paragraph.