RFC Errata
RFC 5802, "Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms", July 2010
Note: This RFC has been updated by RFC 7677, RFC 9266
Source of RFC: sasl (sec)
See Also: RFC 5802 w/ inline errata
Errata ID: 2640
Status: Verified
Type: Editorial
Publication Format(s): TEXT
Reported By: Jehan Pagès
Date Reported: 2010-11-22
Verifier Name: Tim Polk
Date Verified: 2011-03-26
Section 5 says:
The server verifies the nonce and the proof, verifies that the authorization identity (if supplied by the client in the first message) is authorized to act as the authentication identity, and, finally, it responds with a "server-final-message", concluding the authentication exchange.
It should say:
The server verifies the nonce and the proof, verifies that the authentication identity is authorized to act as the authorization identity (if supplied by the client in the first message), and, finally, it responds with a "server-final-message", concluding the authentication exchange.
Notes:
It is the authentication identity which acts as (if authorized to) the authorization identity, not the opposite.
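The direction this erratum fixes, as an added example (not part of the erratum or of RFC 5802): the server takes the authentication identity (`n=`) from the client-first-message and checks whether it may act as the authorization identity (`a=`). The `ACT_AS` policy table, the function names and the sample messages are constructed for illustration, and nonce and proof verification are assumed to have succeeded before `effective_identity` is called.

```python
import re

# Constructed policy: authentication identity -> authorization identities it may act as.
ACT_AS = {"alice": {"shared-mailbox"}}

def _unescape(saslname):
    # RFC 5802 saslname: ',' travels as '=2C' and '=' as '=3D'; any other '=' is invalid.
    if not saslname or re.search(r"=(?!2C|3D)", saslname):
        raise ValueError("invalid saslname")
    return saslname.replace("=2C", ",").replace("=3D", "=")

def parse_identities(client_first):
    """Return (authcid, authzid or None) from 'gs2-header client-first-message-bare'."""
    parts = client_first.split(",")
    if len(parts) < 4:
        raise ValueError("truncated client-first-message")
    cbind, authz_field, user_field = parts[0], parts[1], parts[2]
    if not (cbind in ("n", "y") or cbind.startswith("p=")):
        raise ValueError("bad gs2-cbind-flag")
    if authz_field == "":
        authzid = None                      # client supplied no authorization identity
    elif authz_field.startswith("a="):
        authzid = _unescape(authz_field[2:])
    else:
        raise ValueError("bad authzid field")
    if not user_field.startswith("n="):     # also rejects the reserved 'm=' extension
        raise ValueError("expected username attribute")
    return _unescape(user_field[2:]), authzid

def effective_identity(client_first, policy=ACT_AS):
    """Identity the session runs as; call only after the client proof has been verified."""
    authcid, authzid = parse_identities(client_first)
    if authzid is None or authzid == authcid:
        return authcid                      # no separate authorization identity requested
    # Look up by the *authentication* identity: may authcid act as authzid?
    if authzid in policy.get(authcid, set()):
        return authzid
    raise PermissionError(f"{authcid!r} may not act as {authzid!r}")
```

Reading the sentence the way the original Section 5 text worded it would amount to looking the policy up by `authzid` instead, which lets the relationship be satisfied in the wrong direction.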