RFC Errata
Found 2 records.
Status: Verified (2)
RFC 9142, "Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)", January 2022
Source of RFC: curdle (sec)
Errata ID: 7799
Status: Verified
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Ben S
Date Reported: 2024-02-07
Verifier Name: Paul Wouters
Date Verified: 2024-02-07
Section 1.2.1 says:
+============+=============================+ | Curve Name | Estimated Security Strength | +============+=============================+ | nistp256 | 128 bits | +------------+-----------------------------+ | nistp384 | 192 bits | +------------+-----------------------------+ | nistp521 | 512 bits | +------------+-----------------------------+ | curve25519 | 128 bits | +------------+-----------------------------+ | curve448 | 224 bits | +------------+-----------------------------+
It should say:
+============+=============================+ | Curve Name | Estimated Security Strength | +============+=============================+ | nistp256 | 128 bits | +------------+-----------------------------+ | nistp384 | 192 bits | +------------+-----------------------------+ | nistp521 | 256 bits | +------------+-----------------------------+ | curve25519 | 128 bits | +------------+-----------------------------+ | curve448 | 224 bits | +------------+-----------------------------+
Notes:
P-521 has approximately 256 bits of security (rather than 512), as per Table 1 of Section 6.1.1 of FIPS 186-5, and Section 9 Paragraph 5 of RFC 5656.
Errata ID: 7126
Status: Verified
Type: Editorial
Publication Format(s) : TEXT, PDF, HTML
Reported By: Jacob Nevins
Date Reported: 2022-09-12
Verifier Name: RFC Editor
Date Verified: 2022-09-13
Section 1.2.1 says:
The curve25519 and curve488 security-level numbers are in [RFC7748].
It should say:
The curve25519 and curve448 security-level numbers are in [RFC7748].
Notes:
"curve488" should be "curve448". (From context, this is unlikely to cause significant confusion for readers, since "Curve488" does not represent a well-known primitive and is not mentioned in the reference, whereas Curve448 is well-known and referred to in the reference and elsewhere in this document.)