The following errata report has been submitted for RFC7427, "Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)".
-------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=7427&eid=4296 -------------------------------------- Type: Editorial Reported by: Annie Yousar <[email protected]> Section: A.4.3 Original Text ------------- Here the parameters are present and contain hashAlgorithm of SHA-256, | maskGenAlgorithm of SHA-256, saltLength of 32, and trailerField of 1. 0000 : SEQUENCE 0002 : OBJECT IDENTIFIER RSASSA-PSS (1.2.840.113549.1.1.10) 000d : SEQUENCE 000f : CONTEXT 0 0011 : SEQUENCE 0013 : OBJECT IDENTIFIER id-sha256 (2.16.840.1.101.3.4.2.1) 001e : NULL 0020 : CONTEXT 1 0022 : SEQUENCE | 0024 : OBJECT IDENTIFIER 1.2.840.113549.1.1.8 002f : SEQUENCE 0031 : OBJECT IDENTIFIER id-sha256 (2.16.840.1.101.3.4.2.1) 003c : NULL 003e : CONTEXT 2 0040 : INTEGER 0x20 (6 bits) | 0043 : CONTEXT 3 | 0045 : INTEGER 0x1 (1 bits) Name = RSASSA-PSS with sha-256, oid = 1.2.840.113549.1.1.10 | Length = 72 0000: 3046 0609 2a86 4886 f70d 0101 0a30 39a0 0010: 0f30 0d06 0960 8648 0165 0304 0201 0500 0020: a11c 301a 0609 2a86 4886 f70d 0101 0830 0030: 0d06 0960 8648 0165 0304 0201 0500 a203 | 0040: 0201 20a3 0302 0101 Corrected Text -------------- Here the parameters are present and contain hashAlgorithm of SHA-256, | maskGenAlgorithm of MGF1 with SHA-256, saltLength of 32, and | trailerField of 1. | Note that since the trailerField has the default value it MUST NOT be | encoded according to the Distiguished Encoding Rules (DER) of ASN.1. 0000 : SEQUENCE 0002 : OBJECT IDENTIFIER RSASSA-PSS (1.2.840.113549.1.1.10) 000d : SEQUENCE 000f : CONTEXT 0 0011 : SEQUENCE 0013 : OBJECT IDENTIFIER id-sha256 (2.16.840.1.101.3.4.2.1) 001e : NULL 0020 : CONTEXT 1 0022 : SEQUENCE | 0024 : OBJECT IDENTIFIER id-mgf1 (1.2.840.113549.1.1.8) 002f : SEQUENCE 0031 : OBJECT IDENTIFIER id-sha256 (2.16.840.1.101.3.4.2.1) 003c : NULL 003e : CONTEXT 2 0040 : INTEGER 0x20 (6 bits) Name = RSASSA-PSS with sha-256, oid = 1.2.840.113549.1.1.10 | Length = 67 0000: 3046 0609 2a86 4886 f70d 0101 0a30 39a0 0010: 0f30 0d06 0960 8648 0165 0304 0201 0500 0020: a11c 301a 0609 2a86 4886 f70d 0101 0830 0030: 0d06 0960 8648 0165 0304 0201 0500 a203 | 0040: 0201 20 Notes ----- 1. The maskGenAlgorithm is in fact not SHA-256 (2.16.840.1.101.3.4.2.1), but MGF1 (1.2.840.113549.1.1.8) based on SHA-256 (2.16.840.1.101.3.4.2.1). 2. Section 3 requires the use of DER: The ASN.1 used here is the same ASN.1 used in the AlgorithmIdentifier of PKIX (see Section 4.1.1.2 of [RFC5280]), encoded using distinguished encoding rules (DER) [CCITT.X690.2002]. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. -------------------------------------- RFC7427 (draft-kivinen-ipsecme-signature-auth-07) -------------------------------------- Title : Signature Authentication in the Internet Key Exchange Version 2 (IKEv2) Publication Date : January 2015 Author(s) : T. Kivinen, J. Snyder Category : PROPOSED STANDARD Source : IP Security Maintenance and Extensions Area : Security Stream : IETF Verifying Party : IESG _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
