errata logo graphic

Found 4 records.

Status: Verified (2)

RFC3552, "Guidelines for Writing RFC Text on Security Considerations", July 2003

Source of RFC: IAB

Errata ID: 2142

Status: Verified
Type: Editorial

Reported By: Lev Novikov
Date Reported: 2010-04-08
Verifier Name: Danny McPherson
Date Verified: 2010-09-10

Section 4.5.2.2 says:

   Note that if the client has a certificate than SSL-based client
   authentication can be used.  To make this easier, SASL provides the
   EXTERNAL mechanism, whereby the SASL client can tell the server
   "examine the outer channel for my identity".  Obviously, this is not
   subject to the layering attacks described above.

It should say:

   Note that if the client has a certificate then SSL-based client
   authentication can be used.  To make this easier, SASL provides the
   EXTERNAL mechanism, whereby the SASL client can tell the server
   "examine the outer channel for my identity".  Obviously, this is not
   subject to the layering attacks described above.

Notes:

Changed "than" to "then".


Errata ID: 2248

Status: Verified
Type: Editorial

Reported By: Glen Zorn
Date Reported: 2010-05-07
Verifier Name: Danny McPherson
Date Verified: 2010-09-10

Section 4.5.1 says:

modifying with the kernel or installing new drivers.  

It should say:

modifying the kernel or installing new drivers.  

Notes:

Correct poor grammar.


Status: Reported (1)

RFC3552, "Guidelines for Writing RFC Text on Security Considerations", July 2003

Source of RFC: IAB

Errata ID: 3828

Status: Reported
Type: Editorial

Reported By: Eliot Lear
Date Reported: 2013-12-09

Section 5 says:

Part of the purpose of the
Security Considerations section is to explain what attacks are out of
scope and what countermeasures can be applied to defend against them.
In

It should say:

Part of the purpose of the Security Considerations section
is to explain what attacks are in and out of scope and what
countermeasures can be applied to defend against them.

Notes:

Note dangling "In".

Not sure if this is exactly what the authors had in mind, and might suggest a more substantial change in a document update. For the moment I *think* this covers it.


Status: Held for Document Update (1)

RFC3552, "Guidelines for Writing RFC Text on Security Considerations", July 2003

Source of RFC: IAB

Errata ID: 3562

Status: Held for Document Update
Type: Editorial

Reported By: James Abley
Date Reported: 2013-03-22
Held for Document Update by: Russ Housley

Section 3.3.5 says:

Note that it is only necessary to authenticate one side of the 
transaction in order to prevent man-in-the-middle attacks.  In such a
situation the the peers can establish an association in which only
one peer is authenticated.

It should say:

Note that it is only necessary to authenticate one side of the 
transaction in order to prevent man-in-the-middle attacks.  In such a
situation the peers can establish an association in which only
one peer is authenticated.

Notes:

Remove repetition of "the"


Report New Errata