RFC Errata
RFC 3711, "The Secure Real-time Transport Protocol (SRTP)", March 2004
Note: This RFC has been updated by RFC 5506, RFC 6904, RFC 9335
Source of RFC: avt (rai)
Errata ID: 7606
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: David Satterlee
Date Reported: 2023-08-17
Rejected by: Francesca Palombini
Date Rejected: 2023-11-07
Section B.3 says:
This section provides test data for the default key derivation function, which uses AES-128 in Counter Mode. In the following, we walk through the initial key derivation for the AES-128 Counter Mode cipher, which requires a 16 octet session encryption key and a 14 octet session salt, and an authentication function which requires a 94-octet session authentication key. (...) Below, the auth key is shown on the left, while the corresponding AES input blocks are shown on the right. auth key AES input blocks CEBE321F6FF7716B6FD4AB49AF256A15 0EC675AD498AFEEAB6960B3AABE60000 6D38BAA48F0A0ACF3C34E2359E6CDBCE 0EC675AD498AFEEAB6960B3AABE60001 E049646C43D9327AD175578EF7227098 0EC675AD498AFEEAB6960B3AABE60002 6371C10C9A369AC2F94A8C5FBCDDDC25 0EC675AD498AFEEAB6960B3AABE60003 6D6E919A48B610EF17C2041E47403576 0EC675AD498AFEEAB6960B3AABE60004 6B68642C59BBFC2F34DB60DBDFB2 0EC675AD498AFEEAB6960B3AABE60005
It should say:
This section provides test data for the default key derivation function, which uses AES-128 in Counter Mode. In the following, we walk through the initial key derivation for the AES-128 Counter Mode cipher, which requires a 16 octet session encryption key and a 14 octet session salt, and an authentication function which requires a 20-octet session authentication key. (...) Below, the auth key is shown on the left, while the corresponding AES input blocks are shown on the right. auth key blocks AES input blocks CEBE321F6FF7716B6FD4AB49AF256A15 0EC675AD498AFEEAB6960B3AABE60000 6D38BAA4 0EC675AD498AFEEAB6960B3AABE60001 auth key: CEBE321F6FF7716B6FD4AB49AF256A156D38BAA4
Notes:
The RFC specifies a 160 bit, 20-octet session authentication key throughout (section 5.2, Section 8.2, Section 9.2 and Section 9.5), but the vectors and derivation in section B.3 specifies the need for a 94-octet session key, and includes test vectors as such.
--VERIFIER NOTES--
This test vector does not contradict any other section. It explicitly says that it is a test vector for "an authentication function which requires a 94-octet session authentication key".
In rejecting this Errata report I note that the reported text is not an error, but a deliberate decision of the authors and working group.