Errata Search
RFC Number:		Errata ID:
Source of RFC		Status:	All/Any Verified+Reported Verified Reported Held for Document Update Rejected
Area Acronym:	All/Any app art gen int ops rai rtg sec tsv wit	Type:	All/Any Editorial Technical
WG Acronym:		Submitter Name:
Other:	All/Any IAB INDEPENDENT IRTF Legacy Editorial	Date Submitted:
Summary Table Full Records

RFC 4226, "HOTP: An HMAC-Based One-Time Password Algorithm", December 2005

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

---

Errata ID: 834
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2006-01-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-30

Section E.4 says:

   1) C-client >= C-server
   2) C-client - C-server <= s
   3) Check that HOTP client is valid HOTP(K,C-Client)
   4) If true, the server sets C to C-client + 1 and client is
      authenticated                           ^^^
                              ^^^             ^^^

It should say:

   1) C-client >= C-server
   2) C-client - C-server <= s
|  3) Check that HOTP client is valid HOTP(K,C-client)
|  4) If true, the server sets C-server to C-client + 1 and client is
      authenticated

Notes:

Lines up with Errata ID 2402.

The enumeration in Appendix E.4, on page 34, contains inconsistent
variable namings (cf. [Errata ID 2402]!).
To make it self-consistent, change as detailed.

Report New Errata