RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 1 record.

Status: Held for Document Update (1)

RFC 5734, "Extensible Provisioning Protocol (EPP) Transport over TCP", August 2009

Source of RFC: IETF - NON WORKING GROUP

Errata ID: 1875

Status: Held for Document Update
Type: Technical

Reported By: Alfred Hoenes
Date Reported: 2009-09-11
Held for Document Update by: Alexey Melnikov

Section 1 says:

   This document describes how the Extensible Provisioning Protocol
   (EPP) is mapped onto a single client-server TCP connection.  Security
   services beyond those defined in EPP are provided by the Transport
|  Layer Security (TLS) Protocol [RFC2246].  EPP is described in
   [RFC5730].  TCP is described in [RFC0793].  This document obsoletes
   RFC 4934 [RFC4934].

It should say:

   This document describes how the Extensible Provisioning Protocol
   (EPP) is mapped onto a single client-server TCP connection.  Security
   services beyond those defined in EPP are provided by the Transport
|  Layer Security (TLS) Protocol ([RFC2246], [RFC4346], and [RFC5246]).
   EPP is described in [RFC5730].  TCP is described in [RFC0793].
   This document obsoletes RFC 4934 [RFC4934].

Notes:

Rationale:

The RFC text potentially misguides the reader to conclude that
EPP over TCP is normatively bound to the outdated and slightly
flawed version TLS v1.0 specified in [RFC2246], which in the
meantime has been superseded twice, first by TLS v1.1 ([RFC4346]),
and then by TLS v1.2 ([RFC5246]).

However, later on in the RFC, Sections 8 and 9 make it clear that
this is not the intent of the standard -- implementations MUST
use the most recent version of TLS available to the peers.
Sections 8 and 9 refer to all three versions of TLS specified
so far, and thus, for consistency, the Introduction should not
indicate otherwise. The addition of the additional references
seems sufficient to align the expectations of readers of the
Introduction with what is detailed later in the Standard.

Releated Note for Section 11:

Arguably it would have been preferable to have not only the
obsoleted RFC 2246, but also RFC 4346 and RFC 5246 listed as
*Normative* References.
BTW, the Normative Reference to RFC 2246 arguably is a downref
and hence surprising anyway in a Full Standard.

Report New Errata