RFC 5802, "Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms", July 2010
Source of RFC: sasl (sec)
Errata ID: 2651
Publication Format(s) : TEXT
Reported By: Jehan Pagès
Date Reported: 2010-11-30
Verifier Name: Sean Turner
Date Verified: 2011-03-09
Section 7 says:
nonce   = "r=" c-nonce [s-nonce]
          ;; Second part provided by server.
c-nonce = printable
s-nonce = printable
It should say:
nonce   = "r=" c-nonce [s-nonce]
          ;; Second part provided by server.
c-nonce = 1*(printable)
s-nonce = 1*(printable)
"printable" is defined this way:
printable = %x21-2B / %x2D-7E
;; Printable ASCII except ",".
;; Note that any "printable" is also
;; a valid "value".
Hence a "printable" is a single printable character (except ','). But a nonce is "a sequence of random printable ASCII characters excluding ','" (section 5.1), as can also be seen by the examples (and common sense for a security feature using randomness).
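
The difference between the two grammars can be checked mechanically. The following is an added example, not part of the erratum or the RFC: it encodes the "r=" attribute once as published and once as corrected, and runs both over constructed sample attributes. The names PUBLISHED, CORRECTED, accepts and parse_nonce are assumptions made for this illustration.

```python
import re

# printable = %x21-2B / %x2D-7E   (printable ASCII except ",")
PRINTABLE = r"[\x21-\x2B\x2D-\x7E]"

# Section 7 as published: c-nonce and s-nonce are ONE printable each,
# so the whole nonce value is one or two characters long.
PUBLISHED = re.compile(rf"r={PRINTABLE}(?:{PRINTABLE})?")
# Erratum 2651: c-nonce = 1*(printable), s-nonce = 1*(printable).
CORRECTED = re.compile(rf"r={PRINTABLE}+")


def accepts(grammar: re.Pattern, attr: str) -> bool:
    # fullmatch rather than match with "$": "$" would tolerate a trailing "\n".
    return grammar.fullmatch(attr) is not None


def parse_nonce(attr: str) -> str:
    """Return the nonce value of an "r=" attribute under the corrected
    grammar, or raise ValueError naming the first offending character."""
    if not attr.startswith("r="):
        raise ValueError("not a nonce attribute")
    value = attr[2:]
    if not value:
        raise ValueError("empty nonce: 1*(printable) needs at least one character")
    for i, ch in enumerate(value):
        if not (0x21 <= ord(ch) <= 0x2B or 0x2D <= ord(ch) <= 0x7E):
            raise ValueError(f"invalid character {ch!r} at offset {i}")
    return value


# Constructed sample attributes (not taken from the RFC or the erratum).
SAMPLES = ["r=Zx81+qLm/Tt0aQbe4NwYhK2p", "r=ab", "r=", "r=abc,def", "r=abc def"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} published={accepts(PUBLISHED, s)} "
              f"corrected={accepts(CORRECTED, s)}")
```

A parser generated literally from the published ABNF would reject the 24-character sample, while both grammars reject the empty value, the embedded "," and the space.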