RFC Errata



RFC 3552, "Guidelines for Writing RFC Text on Security Considerations", July 2003

Note: This RFC has been updated by RFC 8996, RFC 9416

Source of RFC: IAB
See Also: RFC 3552 w/ inline errata

Errata ID: 7610
Status: Verified
Type: Editorial
Publication Format(s): TEXT

Reported By: Pete Jorgensen
Date Reported: 2023-08-19
Verifier Name: Mirja Kühlewind
Date Verified: 2024-01-11

Section 3.3.5 says:

Note that it is only necessary to authenticate one side of the
   transaction in order to prevent man-in-the-middle attacks.  In such a
   situation the the peers can establish an association in which only
   one peer is authenticated.  In such a system, an attacker can
   initiate an association posing as the unauthenticated peer but cannot
   transmit or access data being sent on a legitimate connection.  This
   is an acceptable situation in contexts such as Web e-commerce where
   only the server needs to be authenticated (or the client is
   independently authenticated via some non-cryptographic mechanism such
   as a credit card number).

It should say:

Note that it is only necessary to authenticate one side of the
   transaction in order to prevent man-in-the-middle attacks.  In such a
   situation the peers can establish an association in which only
   one peer is authenticated.  In such a system, an attacker can
   initiate an association posing as the unauthenticated peer but cannot
   transmit or access data being sent on a legitimate connection.  This
   is an acceptable situation in contexts such as Web e-commerce where
   only the server needs to be authenticated (or the client is
   independently authenticated via some non-cryptographic mechanism such
   as a credit card number).

Notes:

Second sentence: fix "the the".
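The property the quoted paragraph states (authenticating only the server still defeats an active man-in-the-middle, while an attacker remains free to open its own association posing as the unauthenticated client) can be checked concretely. The Python below is an added illustration, not text or code from RFC 3552 or from this erratum. It models a server-authenticated ephemeral Diffie-Hellman exchange in which the server signs the transcript; the Server and Client classes, the 128-bit DH group, and the 256-bit textbook RSA keys are all toy assumptions chosen for speed, not a real protocol.

```python
"""Toy model of server-only authentication defeating a man-in-the-middle.

Added example, not from RFC 3552.  Only the server holds a long-term signing
key; the client holds the server's public key.  Both sides contribute
ephemeral DH shares and the server signs the transcript (both shares).
Textbook RSA with 256-bit primes and a 128-bit DH group are toy sizes
(assumptions of this example); nothing here is usable as real cryptography.
"""
import hashlib
import secrets

P = (1 << 127) - 1   # Mersenne prime M127, used as a toy DH modulus (assumption)
G = 3                # toy generator (assumption)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def rsa_keygen(bits: int = 256):
    """Textbook RSA key pair at toy size: returns ((n, e), (n, d))."""
    e = 65537
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        phi = (p - 1) * (q - 1)
        if p != q and phi % e and is_probable_prime(p) and is_probable_prime(q):
            return (p * q, e), (p * q, pow(e, -1, phi))


def transcript_hash(*parts: int) -> int:
    """SHA-256 over length-prefixed big-endian encodings; 256 bits, so < n."""
    h = hashlib.sha256()
    for x in parts:
        b = x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
        h.update(len(b).to_bytes(2, "big") + b)
    return int.from_bytes(h.digest(), "big")


def sign(priv, *parts: int) -> int:
    n, d = priv
    return pow(transcript_hash(*parts), d, n)


def verify(pub, sig: int, *parts: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == transcript_hash(*parts)


def derive_key(shared: int) -> str:
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()


class Server:
    """The authenticated peer: the only party with a long-term key."""

    def __init__(self):
        self.pub, self._priv = rsa_keygen()

    def respond(self, client_share: int):
        """Accept any client share: the client side is not authenticated."""
        y = secrets.randbelow(P - 2) + 1
        server_share = pow(G, y, P)
        sig = sign(self._priv, client_share, server_share)
        return server_share, sig, derive_key(pow(client_share, y, P))


class Client:
    """The unauthenticated peer: knows only the server's public key."""

    def __init__(self, server_pub):
        self.server_pub = server_pub
        self._x = secrets.randbelow(P - 2) + 1
        self.share = pow(G, self._x, P)

    def finish(self, server_share: int, sig: int) -> str:
        if not verify(self.server_pub, sig, self.share, server_share):
            raise ValueError("bad server signature: possible man-in-the-middle")
        return derive_key(pow(server_share, self._x, P))


def honest_session(server: Server) -> bool:
    """A legitimate client and the server end up holding the same key."""
    client = Client(server.pub)
    server_share, sig, k_server = server.respond(client.share)
    return client.finish(server_share, sig) == k_server


def mitm_attempt(server: Server) -> dict:
    """An active attacker between a real client and the server."""
    client = Client(server.pub)
    z = secrets.randbelow(P - 2) + 1
    atk_share = pow(G, z, P)
    # Toward the server the attacker just opens its own association posing
    # as a client; the server cannot tell and completes it (this is allowed).
    server_share, sig, k_server_atk = server.respond(atk_share)
    attacker_has_key = derive_key(pow(server_share, z, P)) == k_server_atk
    # Toward the client the attacker needs a share whose exponent it knows,
    # but the only signature it holds covers (atk_share, server_share), not
    # (client.share, atk_share), so the client rejects it.  Relaying the
    # real server_share instead also fails: the signature still does not
    # cover client.share, and the attacker would not know its exponent anyway.
    try:
        client.finish(atk_share, sig)
        client_aborted = False
    except ValueError:
        client_aborted = True
    return {"attacker_connected_as_client": attacker_has_key,
            "client_aborted": client_aborted}
```

Running honest_session and mitm_attempt against one Server shows both halves of the quoted claim: the attacker does obtain an association with the server (as any unauthenticated client may), but cannot insert itself into, read, or inject into the legitimate client's session, because the client only accepts a key whose transcript the authenticated server has signed. In practice this is the TLS pattern the paragraph has in mind, with the server's certificate standing in for the toy public key and any client identity, such as the credit card number mentioned, bound separately inside the protected channel.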
