Loading...

sasl@ietf.org

[Prev] Thread [Next]  |  [Prev] Date [Next]

[sasl] [Technical Errata Reported] RFC5802 (2651) RFC Errata System Wed Dec 01 13:01:12 2010

The following errata report has been submitted for RFC5802,
"Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API 
Mechanisms".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=5802&eid=2651

--------------------------------------
Type: Technical
Reported by: Jehan Pag├Ęs <[EMAIL PROTECTED]>

Section: 7

Original Text
-------------
   nonce           = "r=" c-nonce [s-nonce]
                     ;; Second part provided by server.

   c-nonce         = printable

   s-nonce         = printable


Corrected Text
--------------
   nonce           = "r=" c-nonce [s-nonce]
                     ;; Second part provided by server.

   c-nonce         = 1*(printable)

   s-nonce         = 1*(printable)


Notes
-----
"printable" is defined this way:
   printable       = %x21-2B / %x2D-7E
                     ;; Printable ASCII except ",".
                     ;; Note that any "printable" is also
                     ;; a valid "value".

Hence a "printable" is a single printable character (except ','). But a nonce 
is a "a sequence of random printable ASCII characters excluding ','" (section 
5.1), as can also be seen by the examples (and common sense for a security 
feature using randomness).

Instructions:
-------------
This errata is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC5802 (draft-ietf-sasl-scram-11)
--------------------------------------
Title               : Salted Challenge Response Authentication Mechanism 
(SCRAM) SASL and GSS-API Mechanisms
Publication Date    : July 2010
Author(s)           : C. Newman, A. Menon-Sen, A. Melnikov, N. Williams
Category            : PROPOSED STANDARD
Source              : Simple Authentication and Security Layer
Area                : Security
Stream              : IETF
Verifying Party     : IESG
_______________________________________________
sasl mailing list
[EMAIL PROTECTED]
https://www.ietf.org/mailman/listinfo/sasl