RFC Errata
RFC 6287, "OCRA: OATH Challenge-Response Algorithm", June 2011
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 5133
Status: Reported
Type: Editorial
Publication Format(s) : TEXT
Reported By: Mathieu Lechat
Date Reported: 2017-09-29
Section 6.3 says:
The input for S is further qualified by the length of the session data in bytes. The client and server could agree to any length but the typical values are:
It should say:
The input for S is further qualified by the length of the session data in bytes. The client and server could agree to any length up to 512 but the typical values are:
Notes:
Section 6.3 it is said the session data can be any length, as it is three digits this means it could be from 000 to 999. However in section 5.1 it is said session data cannot exceed 512 bytes so this should be reflected.