RFC 5792, "PA-TNC: A Posture Attribute (PA) Protocol Compatible with Trusted Network Connect (TNC)", March 2010Source of RFC: nea (sec)
Errata ID: 3935
Reported By: Steve Hanna
Date Reported: 2014-03-27
Verifier Name: Stephen Farrell
Date Verified: 2014-05-08
Section 3.1 says:
Each PA-TNC message may contain one or more attributes associated with the functional component identified in the component type (PA Subtype) of the Posture Broker (PB) protocol.
It should say:
Each PA-TNC message may contain zero or more attributes associated with the functional component identified in the component type (PA Subtype) of the Posture Broker (PB) protocol.
Section 4 of RFC 5792 says “A PA-TNC message MUST contain a PA-TNC header (defined in section 3.6. followed by a sequence of zero or more PA-TNC attributes.” This contradicts the text in section 3.1, which says “one or more”. The correct text is “zero or more”. There’s no reason why a PA-TNC message containing zero attributes should be prohibited. For PA-TNC messages with some PA subtypes, an empty message containing no attributes may be enough.