RFC Errata
Found 2 records.
Status: Reported (2)
RFC 3579, "RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)", September 2003
Note: This RFC has been updated by RFC 5080
Source of RFC: IETF - NON WORKING GROUP
Errata ID: 6154
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: Alan DeKok
Date Reported: 2020-05-01
Edited by: Eliot Lear
Date Edited: 2022-04-01
Section 2.1 says:
EAP-Start is indicated by sending an EAP-Message attribute with a length of 2 (no data).
It should say:
EAP-Start is indicated by sending an EAP-Message attribute with a length of 3. The single byte of data SHOULD be set to zero on transmission and MUST be ignored on receipt. RADIUS clients MUST NOT send EAP-Message attributes of length 2, as attributes with no value are not permitted in RADIUS. However, for historical reasons and for compatibility with existing practice, RADIUS servers MUST accept EAP-Messages of length 2, and treat them as EAP-Start.
Notes:
RFC 2865 Section 5 says that empty attributes must be omitted:
   text      1-253 octets containing UTF-8 encoded 10646 [7]
             characters. Text of length zero (0) MUST NOT be sent;
             omit the entire attribute instead.
Section 3.1 of RFC 3579 also says that the EAP-Message attribute cannot be sent with length 2:
   ...
   Type
      79 for EAP-Message
   Length
      >= 3
   ...
In practice, few devices seem to send EAP-Message with Length 2.
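The following is an added example, not part of the erratum or of any RADIUS implementation, showing one way a client could emit and a server could accept EAP-Start under the corrected text of Errata 6154. The function names are hypothetical, and the EAP header length check is an assumption based on the 4-octet EAP header (Code, Identifier, Length).

```python
import struct

EAP_MESSAGE = 79  # attribute Type for EAP-Message (RFC 3579 section 3.1)

def build_eap_start() -> bytes:
    """Client side: EAP-Start is Length 3, single data octet set to zero."""
    return bytes([EAP_MESSAGE, 3, 0])

def iter_attributes(buf: bytes):
    """Yield (type, value) from a RADIUS attribute list, checking bounds."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > len(buf):
            raise ValueError(f"bad length {alen} for attribute {atype}")
        yield atype, buf[pos + 2:pos + alen]
        pos += alen

def classify_eap(attrs: bytes):
    """Server side: return ("none" | "eap-start" | "eap-packet", payload)."""
    values = [v for t, v in iter_attributes(attrs) if t == EAP_MESSAGE]
    if not values:
        return "none", b""
    # Length 3: EAP-Start, the data octet is ignored on receipt.
    # Length 2: not valid to send, but accepted as EAP-Start for
    # compatibility with existing practice.
    if len(values) == 1 and len(values[0]) <= 1:
        return "eap-start", b""
    # A real EAP packet may be split across several EAP-Message attributes.
    eap = b"".join(values)
    if len(eap) < 4:
        raise ValueError("EAP packet shorter than its 4-octet header")
    declared = struct.unpack("!H", eap[2:4])[0]
    if declared < 4 or declared > len(eap):
        raise ValueError("EAP Length field inconsistent with attribute data")
    return "eap-packet", eap[:declared]
```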
Errata ID: 6259
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: Alan DeKok
Date Reported: 2020-08-20
Edited by: Eliot Lear
Date Edited: 2022-04-01
Section 2.1 says:
Where the initial EAP-Request sent by the NAS is for an authentication Type (4 or greater), the peer MAY respond with a Nak indicating that it would prefer another authentication method that is not implemented locally.
It should say:
Where the initial EAP-Request sent by the NAS is for an authentication Type (4 or greater), the peer MAY respond with a Nak indicating that it would prefer another authentication method. In this case, the NAS should send an Access-Request encapsulating the received EAP-Response/Nak. This allows a peer to suggest another EAP method where the NAS is configured to send a default EAP type (such as MD5-Challenge) which may not be appropriate.
Notes:
Clarify what happens when a NAK is received and correct the "not" in the original text.