errata logo graphic

Found 2 records.

Status: Verified (1)

RFC2384, "POP URL Scheme", August 1998

Source of RFC: Legacy

Errata ID: 2943

Status: Verified
Type: Technical

Reported By: Frank Ellermann
Date Reported: 2011-08-18
Verifier Name: Peter Saint-Andre
Date Verified: 2011-11-14

Section 7 says:

        S: +OK POP3 server ready <1896.697170952@mail.eudora.com>
        C: APOP rg c4c9334bac560ecc979e58001b3e22fb

It should say:

        S: +OK POP3 server ready <1896.697170952@mail.eudora.com>
        C: APOP rg 8f5de26536bc248ba202a9ca612e71bd

Notes:

If the password for user "rg" is "secret" as in the plain PASS example before this APOP example, then
MD5("<1896.697170952@mail.eudora.com>secret") should be as shown in the corrected text.

The original text is a modification of the APOP example in RFC 1939, and
MD5("<1896.697170952@dbc.mtview.ca.us>tanstaaf") almost certainly will not match any plausible
MD5("<1896.697170952@mail.eudora.com>"||password).


Status: Held for Document Update (1)

RFC2384, "POP URL Scheme", August 1998

Source of RFC: Legacy

Errata ID: 2942

Status: Held for Document Update
Type: Editorial

Reported By: Frank Ellermann
Date Reported: 2011-08-18
Held for Document Update by: Peter Saint-Andre
Date Held: 2011-11-15

Section 7 says:

   The URL:

        <pop://baz;AUTH=SCRAM-MD5@foo.bar>

   Results in the following client commands:

        <connect to foo.bar, port 110>

        S: +OK POP3 server ready <1896.697170952@foo.bar>
        C: AUTH SCRAM-MD5 AGNocmlzADx0NG40UGFiOUhCMEFtL1FMWEI3MmVnQGVsZW

It should say:

   The URL:

        <pop://baz;AUTH=CRAM-MD5@foo.bar>

   Results in the following client commands:

        <connect to foo.bar, port 110>

        S: +OK POP3 server ready <1896.697170952@foo.bar>
        C: AUTH CRAM-MD5 AGNocmlzADx0NG40UGFiOUhCMEFtL1FMWEI3MmVnQGVsZW

Notes:

The name of the SASL mechanism based on RFC 2222 when this RFC was published is CRAM-MD5 specified in RFC 2195. This is unrelated to the SCRAM-family of SASL mechanisms specified in RFC 5802. Section 4 in RFC 2384 explains the intended SASL POP mechanism names; notably no "S" to indicate SASL.

VERIFIER NOTE: We could change "SCRAM-MD5" to "CRAM-MD5", but we would need to modify the Base64 at the same time. This should be done through a document update or a separate erratum.


Report New Errata