RFC Errata
RFC 2759, "Microsoft PPP CHAP Extensions, Version 2", January 2000
Source of RFC: pppext (int)
Errata ID: 6429
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Valentin Atanasov
Date Reported: 2021-02-14
Rejected by: Eric Vyncke
Date Rejected: 2023-08-03
Section 9.1.2. says:
Authenticator authentication failure
<- Authenticator Challenge
Peer Response/Challenge ->
<- Success/Authenticator Response
(Authenticator Response verification fails, peer disconnects)
It should say:
Authenticator authentication failure
<- Authenticator Challenge
Peer Response/Challenge ->
<- Failure/Authenticator Response
(Authenticator Response verification fails, peer disconnects)
Notes:
According to section 6. Failure Packet is identical in format to the standard CHAP Failure packet, but there are different codes for success and for failure so in case of failure the returned code must be 4 thus in section 9.1.2. the line "<- Success/Authenticator Response" the response logic should be Failure, not Succsess.
--VERIFIER NOTES--
The example is when the authenticator fails authenticate itself to the peer (i.e., it is a rogue authenticator). MS-CHAPv2 is doing piggy-backed mutual authentication.