# RFC Errata

### RFC 6287, "OCRA: OATH Challenge-Response Algorithm", June 2011

Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec

Errata ID: 4114

**Status: Reported
Type: Technical
**

Reported By: Marc Girault

Date Reported: 2014-09-16

Section 7 says:

R = OCRA(K, {[C] | Q | [P | S | T]}) RS = OCRA(K, [C] | QC | QS | [S | T]) OCRA(K, [C] | QC | QS | [S | T]) != RS RC = OCRA(K, [C] | QS | QC | [P | S | T]) OCRA(K, [C] | QS | QC | [P|S|T]) != RC SIGN = OCRA(K, [C] | QS | [P | T]) RS = OCRA(K, [C] | QC | QS | [T] OCRA(K, [C] | QC | QS | [T]) != RS SIGN = OCRA( K, [C] | QS | QC | [P | T]) OCRA(K, [C] | QS | QC | [P|T]) != SIGN

It should say:

R = CryptoFunction(K, OCRASuite | 00 | [C] | Q | [P | S | T]) RS = CryptoFunction(K, OCRASuite | 00 | [C] | QC | QS | [S | T]) CryptoFunction(K, OCRASuite | 00 | [C] | QC | QS | [S | T]) != RS RC = CryptoFunction(K, OCRASuite | 00 | [C] | QS | QC | [P | S | T]) CryptoFunction(K, OCRASuite | 00 | [C] | QS | QC | [P|S|T]) != RC SIGN = CryptoFunction(K, OCRASuite | 00 | [C] | QS | [P | T]) RS = CryptoFunction(K, OCRASuite | 00 | [C] | QC | QS | [T] CryptoFunction(K, OCRASuite | 00 | [C] | QC | QS | [T]) != RS SIGN = CryptoFunction( K, OCRASuite | 00 | [C] | QS | QC | [P | T]) CryptoFunction(K, OCRASuite | 00 | [C] | QS | QC | [P|T]) != SIGN

Notes:

Page 5, DataInput is defined as the concatenation of OCRASuite, byte 00 and five parameters. Pages 11 and subsequent ones, it is defined as the concatenation of only those five parameters, omitting OCRASuite and byte 00. This is technically inconsistent.

The proposed new text anticipates positive verification of errata n°4113 and supersedes it.