RFC Errata



RFC 2865, "Remote Authentication Dial In User Service (RADIUS)", June 2000

Note: This RFC has been updated by RFC 2868, RFC 3575, RFC 5080, RFC 6929, RFC 8044

Source of RFC: radius (ops)

Errata ID: 4077
Status: Rejected
Type: Technical
Publication Format(s): TEXT

Reported By: Axel Luttgens
Date Reported: 2014-08-10
Rejected by: Benoit Claise
Date Rejected: 2014-10-07

Section 3 says:

      Response Authenticator

         The value of the Authenticator field in Access-Accept, Access-
         Reject, and Access-Challenge packets is called the Response
         Authenticator, and contains a one-way MD5 hash calculated over
         a stream of octets consisting of: the RADIUS packet, beginning
         with the Code field, including the Identifier, the Length, the
         Request Authenticator field from the Access-Request packet, and
         the response Attributes, followed by the shared secret.  That
         is, ResponseAuth =
         MD5(Code+ID+Length+RequestAuth+Attributes+Secret) where +
         denotes concatenation.

It should say:

      Response Authenticator

         The value of the Authenticator field in Access-Accept, Access-
         Reject, and Access-Challenge packets is called the Response
         Authenticator, and contains a one-way MD5 hash calculated over
         a stream of octets consisting of: the response Code field, the
         Identifier, the response Length, the Request Authenticator, the
         response Attributes, and finally the shared secret. 
         That is, ResponseAuth =
         MD5(Code+ID+Length+RequestAuth+Attributes+Secret) where +
         denotes concatenation.

Notes:

This sentence fragment "[...] consisting of: the RADIUS packet, [...]" tends to imply one is considering either the Access-Request packet, or the reply packet being under construction.

But this is inconsistent with the idea of having the MD5 hash calculated over both the Request Authenticator and the response Attributes...
--VERIFIER NOTES--
As discussed with the AAA doctors
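
The calculation this erratum discusses, as an added Python example (not part of the errata record or the RFC text): the hash covers the response's Code, Identifier and Length, the Request Authenticator from the Access-Request, the response Attributes and the shared secret. The secret, authenticator and Reply-Message values are constructed samples, and the function names are this example's own.

```python
import hashlib
import hmac
import struct

def response_authenticator(code, ident, request_auth, attributes, secret):
    """MD5(Code+ID+Length+RequestAuth+Attributes+Secret) over the *response* fields."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    length = 20 + len(attributes)  # 20-octet header plus response Attributes
    if length > 4096:
        raise ValueError("RADIUS packet longer than 4096 octets")
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attributes + secret).digest()

def build_response(code, ident, request_auth, attributes, secret):
    """Server side: the hash replaces the Request Authenticator in the sent packet."""
    auth = response_authenticator(code, ident, request_auth, attributes, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attributes)) + auth + attributes

def verify_response(packet, request_id, request_auth, secret):
    """Client side: recompute from the request's own authenticator and compare."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= 4096 or length > len(packet) or ident != request_id:
        return False
    packet = packet[:length]  # octets beyond Length are padding and are ignored
    expected = response_authenticator(code, ident, request_auth, packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])

# Constructed sample values (not taken from the errata page)
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))   # stand-in for the random Request Authenticator
ATTRS = bytes([18, 4]) + b"ok"    # Reply-Message (type 18), attribute length 4
ACCESS_ACCEPT = 2
RESPONSE = build_response(ACCESS_ACCEPT, 42, REQUEST_AUTH, ATTRS, SECRET)

if __name__ == "__main__":
    print(verify_response(RESPONSE, 42, REQUEST_AUTH, SECRET))
```

The Request Authenticator never appears in the response on the wire; the client has to keep it from the matching Access-Request to check the reply.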
