Found 2 records.
Status: Verified (2)
RFC5801, "Using Generic Security Service Application Program Interface (GSS-API) Mechanisms in Simple Authentication and Security Layer (SASL): The GS2 Mechanism Family", July 2010
Source of RFC: sasl (sec)
Errata ID: 2768
Reported By: Simon Josefsson
Date Reported: 2011-04-06
Verifier Name: Sean Turner
Date Verified: 2011-05-12
Sections 10.1 and 11 say:
Section 10.1: const gss_OID desired_mech,
Section 11.1: const gss_buffer_t sasl_mech_name,
It should say:
Section 10.1: gss_const_OID desired_mech,
Section 11.1: gss_const_buffer_t sasl_mech_name,
Add to section 2: The normative reference to [RFC5587] is for the C types "gss_const_buffer_t" and "gss_const_OID", nothing else from that document is required to implement this document.
Add new normative reference: [RFC5587] Williams, N., "Extended Generic Security Service Mechanism Inquiry APIs", RFC 5587, July 2009.
There is a bug in the C interfaces for these functions. RFC 5587 section 3.4.6 explains the problem and specifies new types to use instead. This errata makes RFC 5801 use the corrected types.
As far as I understand, there are no technical/implementation implications caused by this change -- it merely helps the compiler check implementations better and (in some cases) it can avoid compiler warnings on application code.
A similar issue was recently discussed in the Kitten WG list.
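Added example, not part of the erratum or of RFC 5801: a small C program showing why "const gss_OID" does not protect the OID descriptor while "gss_const_OID" does. The typedefs are local stand-ins mirroring RFC 2744 and RFC 5587 so it builds without GSS-API headers; callee_old, callee_new, run_demo and the sample OID bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdio.h>

/* Local stand-ins for the RFC 2744 and RFC 5587 typedefs (assumption:
   declared here so the example builds without the GSS-API headers). */
typedef unsigned int OM_uint32;
typedef struct gss_OID_desc_struct {
    OM_uint32 length;
    void *elements;
} gss_OID_desc, *gss_OID;
typedef const gss_OID_desc *gss_const_OID;

/* Constructed sample: DER content bytes of OID 1.2.840.113554.1.2.2. */
static unsigned char sample_bytes[] =
    { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02 };
static const gss_OID_desc sample_mech =
    { (OM_uint32)sizeof sample_bytes, sample_bytes };

/* Hypothetical callee using the original prototype style. "const gss_OID"
   means "gss_OID_desc *const": only the local pointer is const, so this
   write to the caller's descriptor compiles without a diagnostic. */
static void callee_old(const gss_OID desired_mech)
{
    desired_mech->length = 0;
}

/* Hypothetical callee using the corrected type: the descriptor itself is
   read-only here, so the same assignment is rejected by the compiler. */
static size_t callee_new(gss_const_OID desired_mech)
{
    /* desired_mech->length = 0;    would not compile */
    return desired_mech->length;
}

/* Reports the descriptor length observed after each callee has run. */
void run_demo(size_t *after_old, size_t *after_new)
{
    gss_OID_desc scratch = sample_mech;  /* mutable copy for the old callee */
    callee_old(&scratch);
    *after_old = scratch.length;
    /* A const descriptor converts to gss_const_OID with no cast; passing
       &sample_mech to callee_old would discard the const qualifier. */
    *after_new = callee_new(&sample_mech);
}

int main(void)
{
    size_t a, b;
    run_demo(&a, &b);
    printf("after old-style callee: %zu, via corrected type: %zu\n", a, b);
    return 0;
}
```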
Errata ID: 2825
Reported By: Thomas Maslen
Date Reported: 2011-06-07
Verifier Name: Stephen Farrell
Date Verified: 2013-03-16
Section 5.1 says:
The initiator-address-type and acceptor-address-type fields of the GSS-CHANNEL-BINDINGS structure MUST be set to 0.
It should say:
The initiator-address-type and acceptor-address-type fields of the GSS-CHANNEL-BINDINGS structure MUST be set to 255 (GSS_C_AF_NULLADDR).
See RFC 2744, section 3.11, last paragraph: "[...] or omit addressing information, specifying GSS_C_AF_NULLADDR as the address-types".
Appendix A of RFC 2744 specifies that the value of GSS_C_AF_NULLADDR is 255.