The following errata report has been held for document update for RFC7905, "ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5251 -------------------------------------- Status: Held for Document Update Type: Technical Reported by: Xavier Bonnetain <xavier.bonnet...@inria.fr> Date Reported: 2018-02-01 Held by: Paul Wouters (IESG) Section: 4. Security Original Text ------------- Poly1305 is designed to ensure that forged messages are rejected with a probability of 1-(n/2^107), where n is the maximum length of the input to Poly1305. In the case of (D)TLS, this means a maximum forgery probability of about 1 in 2^93. Corrected Text -------------- Poly1305 is designed to ensure that forged messages are rejected with a probability of 1-(n/2^106), where n is the maximum length of the input to Poly1305. In the case of (D)TLS, this means a maximum forgery probability of about 1 in 2^92. Notes ----- The security claimed on poly1305 is slightly beyond what was proven by the designer (see https://cr.yp.to/mac/poly1305-20050329.pdf), and the trivial forgery attempt with a message of length 1 succeeds with probability 2^{-106}. Paul Wouters(AD): See https://mailarchive.ietf.org/arch/msg/tls/dBMIsLsaA7XevXpd9hzJ6skMqE4/ -------------------------------------- RFC7905 (draft-ietf-tls-chacha20-poly1305-04) -------------------------------------- Title : ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS) Publication Date : June 2016 Author(s) : A. Langley, W. Chang, N. Mavrogiannopoulos, J. Strombergson, S. Josefsson Category : PROPOSED STANDARD Source : Transport Layer Security Stream : IETF Verifying Party : IESG _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls