RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 5216, "The EAP-TLS Authentication Protocol", March 2008

Note: This RFC has been updated by RFC 8996, RFC 9190

Source of RFC: emu (sec)
See Also: RFC 5216 w/ inline errata

Errata ID: 1389
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Alfred Hoenes
Date Reported: 2008-03-26
Verifier Name: Pasi Eronen
Date Verified: 2009-01-05

Section 2.1.3 says:

   If the peer's authentication is unsuccessful, the EAP server SHOULD
   send an EAP-Request packet with EAP-Type=EAP-TLS, encapsulating a TLS
   record containing the appropriate TLS alert message.  The EAP server
|  SHOULD send a TLS alert message immediately terminating the
   conversation so as to allow the peer to inform the user or log the
   cause of the failure and possibly allow for a restart of the
   conversation.

It should say:

   If the peer's authentication is unsuccessful, the EAP server SHOULD
   send an EAP-Request packet with EAP-Type=EAP-TLS, encapsulating a TLS
   record containing the appropriate TLS alert message.  The EAP server
|  SHOULD send a TLS alert message rather than immediately terminating
                                   ^^^^^^^^^^^^
   the conversation so as to allow the peer to inform the user or log
   the cause of the failure and possibly allow for a restart of the
   conversation.

Notes:

The double word omission totally distorts the proper sense
of the sentence. The 4th paragraph of this section describes
the converse scenarion, and it does it properly; the wording
from there has been adopted above.

Note that RFC 2716 already had dropped the word "than" making it
difficult to understand. Additionally dropping "rather" as well in
RFC 5216 fully distorts the intended sense and leads to confusion.

[Confirmed by Bernard Aboba and Ryan Hurst]

Report New Errata



Advanced Search