RFC Errata


RFC 5802, "Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms", July 2010

Source of RFC: sasl (sec)

Errata ID: 5580
Status: Reported
Type: Editorial
Publication Format(s) : TEXT

Reported By: Wang Xin
Date Reported: 2018-12-19

Section 7 says:

   server-error-value = "invalid-encoding" /
                  "extensions-not-supported" /  ; unrecognized 'm' value
                  "invalid-proof" /
                  "channel-bindings-dont-match" /
                  "server-does-support-channel-binding" /
                    ; server does not support channel binding
                  "channel-binding-not-supported" /
                  "unsupported-channel-binding-type" /
                  "unknown-user" /
                  "invalid-username-encoding" /
                    ; invalid username encoding (invalid UTF-8 or
                    ; SASLprep failed)
                  "no-resources" /
                  "other-error" /
                  server-error-value-ext
           ; Unrecognized errors should be treated as "other-error".
           ; In order to prevent information disclosure, the server
           ; may substitute the real reason with "other-error".

It should say:

   server-error-value = "invalid-encoding" /
                  "extensions-not-supported" /  ; unrecognized 'm' value
                  "invalid-proof" /
                  "channel-bindings-dont-match" /
                  "server-does-support-channel-binding" /
                    ; the client thinks the server does not support 
                    ; channel binding, but the server does
                  "channel-binding-not-supported" /
                  "unsupported-channel-binding-type" /
                  "unknown-user" /
                  "invalid-username-encoding" /
                    ; invalid username encoding (invalid UTF-8 or
                    ; SASLprep failed)
                  "no-resources" /
                  "other-error" /
                  server-error-value-ext
           ; Unrecognized errors should be treated as "other-error".
           ; In order to prevent information disclosure, the server
           ; may substitute the real reason with "other-error".

Notes:

See Section 6, "If the flag is set to "y" and the server supports channel binding, the server MUST fail authentication."
I assume the server-error-value "server-does-support-channel-binding" is designed for such a situation.
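
The server-side check that the note describes, as an added example (not part of the erratum or of RFC 5802): it reads the gs2-cbind-flag from a client-first-message and picks a server-error-value from the grammar above. Function names and sample messages are constructed; only the "y" case is stated on this page, and the mapping of the "p" cases to error values is an assumption based on the error names.

```python
from typing import Optional

# Error names taken from the server-error-value grammar quoted above.
ERR_DOWNGRADE = "server-does-support-channel-binding"
ERR_CB_UNSUPPORTED = "channel-binding-not-supported"
ERR_CB_TYPE = "unsupported-channel-binding-type"
ERR_OTHER = "other-error"


def cbind_error(client_first: str, server_has_cb: bool,
                server_cb_types: frozenset = frozenset()) -> Optional[str]:
    """Return the server-error-value for the gs2-cbind-flag, or None to continue."""
    # gs2-header = gs2-cbind-flag "," [authzid] ","  so the flag is the first field.
    parts = client_first.split(",", 2)
    if len(parts) < 3:
        return ERR_OTHER  # assumption: a malformed header is reported generically
    flag = parts[0]
    if flag == "y":
        # The client supports channel binding but thinks the server does not.
        # If the server does, Section 6 says authentication MUST fail.
        return ERR_DOWNGRADE if server_has_cb else None
    if flag == "n":
        return None  # client does not support channel binding; nothing to check
    if flag.startswith("p=") and len(flag) > 2:
        if not server_has_cb:
            return ERR_CB_UNSUPPORTED  # assumed mapping
        if flag[2:] not in server_cb_types:
            return ERR_CB_TYPE  # assumed mapping
        return None
    return ERR_OTHER


def server_final_error(value: str) -> str:
    """Build the error form of server-final-message: "e=" server-error-value."""
    return "e=" + value


if __name__ == "__main__":
    # Constructed client-first-messages (user name and nonce are made up).
    for msg in ("y,,n=alice,r=constructednonce",
                "n,,n=alice,r=constructednonce",
                "p=tls-unique,,n=alice,r=constructednonce"):
        err = cbind_error(msg, True, frozenset({"tls-unique"}))
        print(msg.split(",", 1)[0], "->", server_final_error(err) if err else "continue")
```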
