RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Reported (2)

RFC 7635, "Session Traversal Utilities for NAT (STUN) Extension for Third-Party Authorization", August 2015

Source of RFC: tram (tsv)

Errata ID: 4826

Status: Reported
Type: Technical

Reported By: Mihály Mészáros
Date Reported: 2016-10-10

Section 8. says:

8.  STUN Client Behavior

   o  The client looks for the MESSAGE-INTEGRITY attribute in the
      response.  If MESSAGE-INTEGRITY is absent or the value computed
      for message integrity using mac_key does not match the contents of
      the MESSAGE-INTEGRITY attribute, then the response MUST be
      discarded.

   o  If the access token expires, then the client MUST obtain a new
      token from the authorization server and use it for new STUN
      requests.

It should say:

8.  STUN Client Behavior

   o  The client looks for the MESSAGE-INTEGRITY attribute in the
      response.  If MESSAGE-INTEGRITY is absent or the value computed
      for message integrity using mac_key does not match the contents of
      the MESSAGE-INTEGRITY attribute, then the response MUST be
      discarded.

9.  Application (OAuth Client) Behavior

   o  If the access token expires, then the Application (OAuth client) 
      MUST obtain a new token from the authorization server, and update
      STUN client to use it for new STUN requests.

   o  Application SHOULD pass only a subset of the received OAuth 
      parameters to the STUN client. Only parameters SHOULD be passed 
      that will be really needed and used by the STUN Client. 
      In this way, only the kid, the mac_key, and the access_token
      parameters SHOULD be passed to the STUN client.
      

...
Renumber the sections
...

Notes:

1. Remove from STUN client behaviour the access_token renewal function,
and move this function up to application level.
2. Pass to STUN only that subset of the OAuth parameters, that will be really used by STUN Client.

Errata ID: 4923

Status: Reported
Type: Technical

Reported By: Mészáros Mihály
Date Reported: 2017-02-03

Section Appendix B. says:

          "key":"v51N62OM65kyMvfTI08O"

It should say:

        "key": "ew0KICAgICJrdHkiOiJvY3QiLA0KICAgICJ
raWQiOiJpZDEyMyIsDQogICAgImFsZyI6IkhTMjU2IiwNCiAgIC
AiayI6IlpvUlNPckZ6Tl9GelVBNVhLTVlvVkh5emZmNW9SSnhsL
UlYUnR6dEo2dUUiDQp9"

Notes:

"key" according https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution-02#section-4.2
"The 'key' parameter either contains a plain JWK structure or a JWK encrypted with a JWE."

According Example Figure 2. "key" in draft-ietf-oauth-pop-key-distribution-02#section-4.2
It seems they missed to write plain JWK MUST be base64 format.
So according the example coorected the above sentence:

"The 'key' parameter either contains a plain BASE64 ENCODED JWK structure or a JWK encrypted with a JWE."

Anyhow in RFC7635 Appendix B. the
"key" seems to be not in base64 (JWK) or JWE encrypted JWK format.
(Base64 decoded key value string is "Salted__"....)

Report New Errata



Search RFCs
Advanced Search
×