RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 4 records.

Status: Verified (3)

RFC 2865, "Remote Authentication Dial In User Service (RADIUS)", June 2000

Source of RFC: radius (ops)

Errata ID: 368

Status: Verified
Type: Technical

Reported By: Aaron Webb
Date Reported: 2002-09-12

Section 5.18 says:

   Multiple Reply-Message's MAY be included and if any are displayed,
   they MUST be displayed in the same order as they appear in the
   packet.

It should say:

   Multiple Reply-Messages MAY be included and if any are displayed,
   they MUST be displayed in the same order as they appear in the
   packet.

Errata ID: 1469

Status: Verified
Type: Technical

Reported By: Isaac NickAein
Date Reported: 2008-07-13
Verifier Name: Dan Romascanu
Date Verified: 2011-08-03

Section 7.3. says:

      02 01 00 38 15 ef bc 7d ab 26 cf a3 dc 34 d9 c0
      3c 86 01 a4 06 06 00 00 00 02 07 06 00 00 00 01
      08 06 ff ff ff fe 0a 06 00 00 00 02 0d 06 00 00
      00 01 0c 06 00 00 05 dc


It should say:

      02 01 00 38 E8 6F A2 FE 28 70 33 AD 2F 6D 5C A3
      F7 41 5D A2 06 06 00 00 00 02 07 06 00 00 00 01
      08 06 FF FF FF FE 0A 06 00 00 00 00 0D 06 00 00
      00 01 0C 06 00 00 05 DC

Notes:

in Attributes, "Framed-Routing" came with value "None" (0)
but in Hex dump of packet the value for this attribute is "Listen for routing packets" (2)

Correct Hex Dump, or Attributes.

Corrected Attributes is:

Attributes:
6 Service-Type (6) = Framed (2)
6 Framed-Protocol (7) = PPP (1)
6 Framed-IP-Address (8) = 255.255.255.254
6 Framed-Routing (10) = Listen for routing packets (2)
6 Framed-Compression (13) = VJ TCP/IP Header Compression (1)
6 Framed-MTU (12) = 1500

----------

VERIFIER NOTE: Referenced section should be 7.2 and not 7.3

Errata ID: 2712

Status: Verified
Type: Editorial

Reported By: Wang Haojian
Date Reported: 2011-02-12
Verifier Name: Dan Romascanu
Date Verified: 2011-02-13

Section 5 says:

      Note that none of the types in RADIUS terminate with a NUL (hex
      00).  In particular, types "text" and "string" in RADIUS do not
      terminate with a NUL (hex 00).  The Attribute has a length field
      and does not use a terminator.  Text contains UTF-8 encoded 10646
      [7] characters and String contains 8-bit binary data.  Servers and
      servers and clients MUST be able to deal with embedded nulls.
      ^^^^^^^^^^^^

It should say:

      Note that none of the types in RADIUS terminate with a NUL (hex
      00).  In particular, types "text" and "string" in RADIUS do not
      terminate with a NUL (hex 00).  The Attribute has a length field
      and does not use a terminator.  Text contains UTF-8 encoded 10646
      [7] characters and String contains 8-bit binary data.  Servers and
      clients MUST be able to deal with embedded nulls.

Notes:

Unnecessary Words.

Status: Rejected (1)

RFC 2865, "Remote Authentication Dial In User Service (RADIUS)", June 2000

Source of RFC: radius (ops)

Errata ID: 4077

Status: Rejected
Type: Technical

Reported By: Axel Luttgens
Date Reported: 2014-08-10
Rejected by: Benoit Claise
Date Rejected: 2014-10-07

Section 3 says:

      Response Authenticator

         The value of the Authenticator field in Access-Accept, Access-
         Reject, and Access-Challenge packets is called the Response
         Authenticator, and contains a one-way MD5 hash calculated over
         a stream of octets consisting of: the RADIUS packet, beginning
         with the Code field, including the Identifier, the Length, the
         Request Authenticator field from the Access-Request packet, and
         the response Attributes, followed by the shared secret.  That
         is, ResponseAuth =
         MD5(Code+ID+Length+RequestAuth+Attributes+Secret) where +
         denotes concatenation.

It should say:

      Response Authenticator

         The value of the Authenticator field in Access-Accept, Access-
         Reject, and Access-Challenge packets is called the Response
         Authenticator, and contains a one-way MD5 hash calculated over
         a stream of octets consisting of: the response Code field, the
         Identifier, the response Length, the Request Authenticator, the
         response Attributes, and finally the shared secret. 
         That is, ResponseAuth =
         MD5(Code+ID+Length+RequestAuth+Attributes+Secret) where +
         denotes concatenation.

Notes:

This sentence fragment "[...] consisting of: the RADIUS packet, [...]" tends to imply one is considering either the Access-Request packet, or the reply packet being under construction.

But this is inconsistent with the idea of having the the MD5 hash calculated over both the Request Authenticator and the response Attributes...
--VERIFIER NOTES--
As discussed with the AAA doctors

Report New Errata



Search RFCs
Advanced Search
×