Errata Search
RFC Number:		Errata ID:
Source of RFC		Status:	All/Any Verified+Reported Verified Reported Held for Document Update Rejected
Area Acronym:	All/Any app art gen int ops rai rtg sec tsv wit	Type:	All/Any Editorial Technical
WG Acronym:		Submitter Name:
Other:	All/Any IAB INDEPENDENT IRTF Legacy Editorial	Date Submitted:
Summary Table Full Records

RFC 6287, "OCRA: OATH Challenge-Response Algorithm", June 2011

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

---

Errata ID: 5133
Status: Reported
Type: Editorial
Publication Format(s) : TEXT
Reported By: Mathieu Lechat
Date Reported: 2017-09-29

Section 6.3 says:

The input for S is further qualified by the length of the session
data in bytes.  The client and server could agree to any length but
the typical values are:

It should say:

The input for S is further qualified by the length of the session
data in bytes.  The client and server could agree to any length up to
512 but the typical values are:

Notes:

Section 6.3 it is said the session data can be any length, as it is three digits this means it could be from 000 to 999. However in section 5.1 it is said session data cannot exceed 512 bytes so this should be reflected.

Report New Errata