RFC Errata
RFC 5216, "The EAP-TLS Authentication Protocol", March 2008
Note: This RFC has been updated by RFC 8996, RFC 9190
Source of RFC: emu (sec)
See Also: RFC 5216 w/ inline errata
Errata ID: 1389
Status: Verified
Type: Technical
Publication Format(s): TEXT
Reported By: Alfred Hoenes
Date Reported: 2008-03-26
Verifier Name: Pasi Eronen
Date Verified: 2009-01-05
Section 2.1.3 says:
   If the peer's authentication is unsuccessful, the EAP server SHOULD
   send an EAP-Request packet with EAP-Type=EAP-TLS, encapsulating a TLS
   record containing the appropriate TLS alert message.  The EAP server
|  SHOULD send a TLS alert message immediately terminating the
   conversation so as to allow the peer to inform the user or log the
   cause of the failure and possibly allow for a restart of the
   conversation.
It should say:
   If the peer's authentication is unsuccessful, the EAP server SHOULD
   send an EAP-Request packet with EAP-Type=EAP-TLS, encapsulating a TLS
   record containing the appropriate TLS alert message.  The EAP server
|  SHOULD send a TLS alert message rather than immediately terminating
                                   ^^^^^^^^^^^^
   the conversation so as to allow the peer to inform the user or log
   the cause of the failure and possibly allow for a restart of the
   conversation.
Notes:
The double word omission totally distorts the proper sense
of the sentence. The 4th paragraph of this section describes
the converse scenario, and it does it properly; the wording
from there has been adopted above.
Note that RFC 2716 already had dropped the word "than" making it
difficult to understand. Additionally dropping "rather" as well in
RFC 5216 fully distorts the intended sense and leads to confusion.
[Confirmed by Bernard Aboba and Ryan Hurst]
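
The corrected sentence has the server return the failure cause inside an EAP-Request of type EAP-TLS so that the peer can log it. The following is an added example, not text from RFC 5216 or from this erratum: it builds such a request and shows the peer-side parsing that recovers the alert. The function names, the alert subset and the sample packet are constructed for illustration, and the code assumes an unfragmented message whose alert is sent in cleartext (before ChangeCipherSpec).

```python
import struct

EAP_REQUEST, EAP_TYPE_TLS = 1, 13   # RFC 3748 Code, RFC 5216 Type
FLAG_L, FLAG_M = 0x80, 0x40         # EAP-TLS flags: length included, more fragments
TLS_ALERT = 21                      # TLS record content type "alert"
LEVELS = {1: "warning", 2: "fatal"}
ALERTS = {42: "bad_certificate", 44: "certificate_revoked",   # subset of the TLS
          45: "certificate_expired", 46: "certificate_unknown",  # alert registry
          48: "unknown_ca", 49: "access_denied"}

def build_alert_request(identifier, level, description, version=(3, 1)):
    """Server side: EAP-Request/EAP-TLS carrying one cleartext TLS alert record."""
    record = struct.pack("!BBBHBB", TLS_ALERT, *version, 2, level, description)
    body = bytes([EAP_TYPE_TLS, 0x00]) + record   # flags 0: unfragmented, no L field
    return struct.pack("!BBH", EAP_REQUEST, identifier, 4 + len(body)) + body

def extract_alerts(packet):
    """Peer side: list (level, description) for each cleartext alert record."""
    if len(packet) < 6:
        raise ValueError("too short to be an EAP-TLS packet")
    code, _ident, length, eap_type, flags = struct.unpack("!BBHBB", packet[:6])
    if code != EAP_REQUEST or eap_type != EAP_TYPE_TLS:
        raise ValueError("not an EAP-Request of type EAP-TLS")
    start = 10 if flags & FLAG_L else 6   # skip 4-byte TLS Message Length if present
    if length < start or length > len(packet):
        raise ValueError("EAP Length field inconsistent with packet")
    if flags & FLAG_M:
        raise ValueError("fragmented TLS message: reassemble first")
    data, found = packet[start:length], []
    while data:
        if len(data) < 5:
            raise ValueError("truncated TLS record header")
        ctype, _major, _minor, rlen = struct.unpack("!BBBH", data[:5])
        fragment, data = data[5:5 + rlen], data[5 + rlen:]
        if len(fragment) != rlen:
            raise ValueError("truncated TLS record")
        if ctype == TLS_ALERT and rlen == 2:   # encrypted alerts are longer; skipped
            found.append((LEVELS.get(fragment[0], "unknown"),
                          ALERTS.get(fragment[1], f"alert_{fragment[1]}")))
    return found

if __name__ == "__main__":
    pkt = build_alert_request(identifier=7, level=2, description=48)  # constructed sample
    print(pkt.hex(), extract_alerts(pkt))
```

A bare EAP-Failure (Code 4, four bytes) has no room for a reason, which is why the parser rejects it and why the corrected text prefers the alert.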