The following errata report has been held for document update
for RFC2631, "Diffie-Hellman Key Agreement Method".
--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid5954
--------------------------------------
Status: Held for Document Update
Type: Technical
Reported by: Paul Janson <silversplash(_at_)gmx(_dot_)com>
Date Reported: 2020-01-02
Held by: Benjamin Kaduk (IESG)
Section: 2.1.5.
Original Text
-------------
1. Verify that y lies within the interval [2,p-1]. If it does not,
the key is invalid.
2. Compute y^q mod p. If the result == 1, the key is valid.
Otherwise the key is invalid.
Corrected Text
--------------
1. Verify that y lies within the interval [2,p-1]. If it does not,
the key is invalid.
2. Compute y^q mod p. If the result == 1, the key is valid.
Otherwise the key is invalid.
3. Verify that y does not match g.
Notes
-----
Validating that (g == received y) needs to be an additional exclusion to the
valid range [2,p-1]. If party 'a' accepts received public key 'yb' matching
'g', then ZZ matches public key 'ya'. i.e. if yb = 2, then xb = 1, therefore
ZZ = ya^1 = ya
--------------------------------------
RFC2631 (draft-ietf-smime-x942-07)
--------------------------------------
Title : Diffie-Hellman Key Agreement Method
Publication Date : June 1999
Author(s) : E. Rescorla
Category : PROPOSED STANDARD
Source : S/MIME Mail Security
Area : Security
Stream : IETF
Verifying Party : IESG
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime