RFC 5802, "Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms", July 2010Source of RFC: sasl (sec)
Errata ID: 2689
Status: Held for Document Update
Publication Format(s) : TEXT
Reported By: Steffen Lehmann
Date Reported: 2011-01-21
Held for Document Update by: Tim Polk
Section 5.2 says:
2b) SCRAM sends additional data with success.
It should say:
2b) SCRAM sends additional data with success. If the server sends the additional data as a challenge, the response to this challenge is a empty response.
The added information MUST be supplied according to RFC 4422, Section 5, Paragraph 2b.