The following errata report has been submitted for RFC7905, "ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5251

--------------------------------------
Type: Technical
Reported by: Xavier Bonnetain <xavier.bonnet...@inria.fr>

Section: 4. Security

Original Text
-------------
Poly1305 is designed to ensure that forged messages are rejected with a probability of 1-(n/2^107), where n is the maximum length of the input to Poly1305. In the case of (D)TLS, this means a maximum forgery probability of about 1 in 2^93.

Corrected Text
--------------
Poly1305 is designed to ensure that forged messages are rejected with a probability of 1-(n/2^106), where n is the maximum length of the input to Poly1305. In the case of (D)TLS, this means a maximum forgery probability of about 1 in 2^92.

Notes
-----
The security claimed on poly1305 is slightly beyond what was proven by the designer (see https://cr.yp.to/mac/poly1305-20050329.pdf), and the trivial forgery attempt with a message of length 1 succeeds with probability 2^{-106}.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC7905 (draft-ietf-tls-chacha20-poly1305-04)
--------------------------------------
Title               : ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)
Publication Date    : June 2016
Author(s)           : A. Langley, W. Chang, N. Mavrogiannopoulos, J. Strombergson, S. Josefsson
Category            : PROPOSED STANDARD
Source              : Transport Layer Security
Area                : Security
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls