RFC Errata
RFC 5802, "Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms", July 2010
Note: This RFC has been updated by RFC 7677, RFC 9266
Source of RFC: sasl (sec)See Also: RFC 5802 w/ inline errata
Errata ID: 2651
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Jehan Pagès
Date Reported: 2010-11-30
Verifier Name: Sean Turner
Date Verified: 2011-03-09
Section 7 says:
nonce = "r=" c-nonce [s-nonce]
;; Second part provided by server.
c-nonce = printable
s-nonce = printable
It should say:
nonce = "r=" c-nonce [s-nonce]
;; Second part provided by server.
c-nonce = 1*(printable)
s-nonce = 1*(printable)
Notes:
"printable" is defined this way:
printable = %x21-2B / %x2D-7E
;; Printable ASCII except ",".
;; Note that any "printable" is also
;; a valid "value".
Hence a "printable" is a single printable character (except ','). But a nonce is a "a sequence of random printable ASCII characters excluding ','" (section 5.1), as can also be seen by the examples (and common sense for a security feature using randomness).