RFC Errata
RFC 6819, "OAuth 2.0 Threat Model and Security Considerations", January 2013
Note: This RFC has been updated by RFC 9700
Source of RFC: oauth (sec)
Errata ID: 4267
Status: Held for Document Update
Type: Editorial
Publication Format(s): TEXT
Reported By: David Gladstone
Date Reported: 2015-02-09
Held for Document Update by: Kathleen Moriarty
Date Held: 2015-12-08
Section 4.4.1.11 says:
If an authorization server includes a nontrivial amount of entropy
It should say:
If an authorization server includes a trivial amount of entropy
Notes:
The threat being described outlines a scenario where too little entropy is involved; countermeasures include using non-trivial amounts of entropy.