RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 6287, "OCRA: OATH Challenge-Response Algorithm", June 2011

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 4114

Status: Reported
Type: Technical

Reported By: Marc Girault
Date Reported: 2014-09-16

Section 7 says:

R = OCRA(K, {[C] | Q | [P | S | T]})

RS = OCRA(K, [C] | QC | QS | [S | T])

OCRA(K, [C] | QC | QS | [S | T]) != RS 

RC = OCRA(K, [C] | QS | QC | [P | S | T])

OCRA(K, [C] | QS | QC | [P|S|T]) != RC 

SIGN = OCRA(K, [C] | QS | [P | T])

RS = OCRA(K, [C] | QC | QS | [T]

OCRA(K, [C] | QC | QS | [T]) != RS

SIGN = OCRA( K, [C] | QS | QC | [P | T])

OCRA(K, [C] | QS | QC | [P|T]) != SIGN 

It should say:

R = CryptoFunction(K, OCRASuite | 00 | [C] | Q | [P | S | T])

RS = CryptoFunction(K, OCRASuite | 00 | [C] | QC | QS | [S | T])

CryptoFunction(K, OCRASuite | 00 | [C] | QC | QS | [S | T]) != RS 

RC = CryptoFunction(K, OCRASuite | 00 | [C] | QS | QC | [P | S | T])

CryptoFunction(K, OCRASuite | 00 | [C] | QS | QC | [P|S|T]) != RC

SIGN = CryptoFunction(K, OCRASuite | 00 | [C] | QS | [P | T])

RS = CryptoFunction(K, OCRASuite | 00 | [C] | QC | QS | [T]

CryptoFunction(K, OCRASuite | 00 | [C] | QC | QS | [T]) != RS  

SIGN = CryptoFunction( K, OCRASuite | 00 | [C] | QS | QC | [P | T])

CryptoFunction(K, OCRASuite | 00 | [C] | QS | QC | [P|T]) != SIGN

Notes:

Page 5, DataInput is defined as the concatenation of OCRASuite, byte 00 and five parameters. Pages 11 and subsequent ones, it is defined as the concatenation of only those five parameters, omitting OCRASuite and byte 00. This is technically inconsistent.

The proposed new text anticipates positive verification of errata n°4113 and supersedes it.

Report New Errata