Re: [TLS] [Editorial Errata Reported] RFC8446 (6124)

2020-05-01 Thread Peter Wu
The change is in "a list of symmetric cipher/HKDF hash pairs" and Ben
suggests changing "HKDF hash" to either "Hash algorithm" or "Hash
algorithm (to be used with HKDF)".

The hash is not just used for the HKDF, but also for Transcript-Hash, so
if this had to be changed, I would vote for "Hash algorithm". Note that
"HKDF hash" is used consistently in one other place, so that might have
to be changed as well.

Additionally, Section 7.1 relates the three "hash" functions:

    The Hash function used by Transcript-Hash and HKDF is the cipher
    suite hash algorithm.

This is a minor update to a text that was not incorrect. Not sure
whether this was really worth an errata report.

Kind regards,
Peter

On Fri, Apr 24, 2020 at 02:18:39AM -0700, RFC Errata System wrote:
> The following errata report has been submitted for RFC8446,
> "The Transport Layer Security (TLS) Protocol Version 1.3".
> 
> --
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid6124
> 
> --
> Type: Editorial
> Reported by: Ben Smyth 
> 
> Section: 2
> 
> Original Text
> -
>    In the Key Exchange phase, the client sends the ClientHello
>    (Section 4.1.2) message, which contains a random nonce
>    (ClientHello.random); its offered protocol versions; a list of
>    symmetric cipher/HKDF hash pairs; either a set of Diffie-Hellman key
>    shares (in the "key_share" (Section 4.2.8) extension), a set of
>    pre-shared key labels (in the "pre_shared_key" (Section 4.2.11)
>    extension), or both; and potentially additional extensions.
> 
> Corrected Text
> --
>    In the Key Exchange phase, the client sends the ClientHello
>    (Section 4.1.2) message, which contains a random nonce
>    (ClientHello.random); its offered protocol versions; a list of
>    symmetric cipher/Hash algorithm pairs; either a set of Diffie-Hellman key
>    shares (in the "key_share" (Section 4.2.8) extension), a set of
>    pre-shared key labels (in the "pre_shared_key" (Section 4.2.11)
>    extension), or both; and potentially additional extensions.
> 
> or
> 
>    In the Key Exchange phase, the client sends the ClientHello
>    (Section 4.1.2) message, which contains a random nonce
>    (ClientHello.random); its offered protocol versions; a list of
>    symmetric cipher/Hash algorithm (to be used with HKDF) pairs; either a set
>    of Diffie-Hellman key
>    shares (in the "key_share" (Section 4.2.8) extension), a set of
>    pre-shared key labels (in the "pre_shared_key" (Section 4.2.11)
>    extension), or both; and potentially additional extensions.
> 
> Notes
> -
> 
> 
> Instructions:
> -
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party  
> can log in to change the status and edit the report, if necessary. 
> 
> --
> RFC8446 (draft-ietf-tls-tls13-28)
> --
> Title   : The Transport Layer Security (TLS) Protocol Version 1.3
> Publication Date: August 2018
> Author(s)   : E. Rescorla
> Category: PROPOSED STANDARD
> Source  : Transport Layer Security
> Area: Security
> Stream  : IETF
> Verifying Party : IESG

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
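
The point made in the reply above, that the cipher suite hash serves both Transcript-Hash and HKDF, shown as an added Python example that is not part of the original thread. The suite-to-hash table follows RFC 8446 Appendix B.4; the function names and the handshake bytes are constructed for illustration.

```python
import hashlib
import hmac

# Cipher suite -> hash name, from RFC 8446 Appendix B.4.
SUITE_HASH = {
    0x1301: "sha256",  # TLS_AES_128_GCM_SHA256
    0x1302: "sha384",  # TLS_AES_256_GCM_SHA384
    0x1303: "sha256",  # TLS_CHACHA20_POLY1305_SHA256
    0x1304: "sha256",  # TLS_AES_128_CCM_SHA256
    0x1305: "sha256",  # TLS_AES_128_CCM_8_SHA256
}

def hash_len(suite):
    return hashlib.new(SUITE_HASH[suite]).digest_size

def transcript_hash(suite, *messages):
    """Transcript-Hash: the suite hash over the concatenated handshake messages."""
    return hashlib.new(SUITE_HASH[suite], b"".join(messages)).digest()

def hkdf_extract(suite, salt, ikm):
    """HKDF-Extract (RFC 5869), using the same suite hash inside HMAC."""
    return hmac.new(salt, ikm, SUITE_HASH[suite]).digest()

def hkdf_expand(suite, prk, info, length):
    """HKDF-Expand (RFC 5869), again with the suite hash."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), SUITE_HASH[suite]).digest()
        out, counter = out + block, counter + 1
    return out[:length]

def derive_secret(suite, secret, label, *messages):
    """Derive-Secret (RFC 8446 Section 7.1): HKDF-Expand-Label over Transcript-Hash."""
    n = hash_len(suite)
    full_label = b"tls13 " + label
    context = transcript_hash(suite, *messages)
    info = (n.to_bytes(2, "big") + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(suite, secret, info, n)

def early_secret(suite):
    """Early Secret with no PSK: salt and IKM are both Hash.length zero bytes."""
    zeros = bytes(hash_len(suite))
    return hkdf_extract(suite, zeros, zeros)

if __name__ == "__main__":
    # Constructed placeholder bytes, not real handshake messages.
    client_hello, server_hello = b"constructed-ClientHello", b"constructed-ServerHello"
    for suite in (0x1301, 0x1302):
        secret = derive_secret(suite, early_secret(suite), b"derived")
        th = transcript_hash(suite, client_hello, server_hello)
        print(hex(suite), SUITE_HASH[suite], len(secret), th.hex()[:16])
```

Switching the negotiated suite from 0x1301 to 0x1302 changes the output length of every function here at once, which is why "Hash algorithm" describes the pairing more fully than "HKDF hash".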


[TLS] [Editorial Errata Reported] RFC8446 (6124)

2020-04-24 Thread RFC Errata System
The following errata report has been submitted for RFC8446,
"The Transport Layer Security (TLS) Protocol Version 1.3".

--
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6124

--
Type: Editorial
Reported by: Ben Smyth 

Section: 2

Original Text
-
   In the Key Exchange phase, the client sends the ClientHello  
   (Section 4.1.2) message, which contains a random nonce   
   (ClientHello.random); its offered protocol versions; a list of   
   symmetric cipher/HKDF hash pairs; either a set of Diffie-Hellman key 
   shares (in the "key_share" (Section 4.2.8) extension), a set of  
   pre-shared key labels (in the "pre_shared_key" (Section 4.2.11)  
   extension), or both; and potentially additional extensions.   

Corrected Text
--
   In the Key Exchange phase, the client sends the ClientHello  
   (Section 4.1.2) message, which contains a random nonce   
   (ClientHello.random); its offered protocol versions; a list of   
   symmetric cipher/Hash algorithm pairs; either a set of Diffie-Hellman key
   shares (in the "key_share" (Section 4.2.8) extension), a set of  
   pre-shared key labels (in the "pre_shared_key" (Section 4.2.11)  
   extension), or both; and potentially additional extensions.   

or

   In the Key Exchange phase, the client sends the ClientHello  
   (Section 4.1.2) message, which contains a random nonce   
   (ClientHello.random); its offered protocol versions; a list of   
   symmetric cipher/Hash algorithm (to be used with HKDF) pairs; either a set
   of Diffie-Hellman key
   shares (in the "key_share" (Section 4.2.8) extension), a set of  
   pre-shared key labels (in the "pre_shared_key" (Section 4.2.11)  
   extension), or both; and potentially additional extensions.   

Notes
-


Instructions:
-
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

--
RFC8446 (draft-ietf-tls-tls13-28)
--
Title   : The Transport Layer Security (TLS) Protocol Version 1.3
Publication Date: August 2018
Author(s)   : E. Rescorla
Category: PROPOSED STANDARD
Source  : Transport Layer Security
Area: Security
Stream  : IETF
Verifying Party : IESG
