RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 5802, "Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms", July 2010

Source of RFC: sasl (sec)

Errata ID: 2640
Status: Verified
Type: Editorial
Publication Format(s) : TEXT

Reported By: Jehan Pagès
Date Reported: 2010-11-22
Verifier Name: Tim Polk
Date Verified: 2011-03-26

Section 5 says:

The server verifies the nonce and the proof, verifies that the
authorization identity (if supplied by the client in the first
message) is authorized to act as the authentication identity, and,
finally, it responds with a "server-final-message", concluding the
authentication exchange.

It should say:

The server verifies the nonce and the proof, verifies that the
authentication identity is authorized to act as the authorization
identity (if supplied by the client in the first message) , and,
finally, it responds with a "server-final-message", concluding the
authentication exchange.

Notes:

It is the authentication identity which acts as (if authorized to) the authorization identity, not the opposite.

Report New Errata