Errata Search
RFC Number:		Errata ID:
Source of RFC		Status:	All/Any Verified+Reported Verified Reported Held for Document Update Rejected
Area Acronym:	All/Any app art gen int ops rai rtg sec tsv wit	Type:	All/Any Editorial Technical
WG Acronym:		Submitter Name:
Other:	All/Any IAB INDEPENDENT IRTF Legacy Editorial	Date Submitted:
Summary Table Full Records

Found 3 records.

Status: Verified (2)

RFC 5801, "Using Generic Security Service Application Program Interface (GSS-API) Mechanisms in Simple Authentication and Security Layer (SASL): The GS2 Mechanism Family", July 2010

Note: This RFC has been updated by RFC 9266

Source of RFC: sasl (sec)

Errata ID: 2768
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Simon Josefsson
Date Reported: 2011-04-06
Verifier Name: Sean Turner
Date Verified: 2011-05-12

Section 10.1 and 11. says:

Section 10.1:
        const gss_OID  desired_mech,

Section 11.1:
       const gss_buffer_t   sasl_mech_name,

It should say:

Section 10.1:
        gss_const_OID  desired_mech,

Section 11.1:
       gss_const_buffer_t   sasl_mech_name,

Add to section 2:
   The normative reference to [RFC5587] is for
   the C types "gss_const_buffer_t" and "gss_const_OID", nothing else
   from that document is required to implement this document.

Add new normative reference:
   [RFC5587]  Williams, N., "Extended Generic Security Service Mechanism
              Inquiry APIs", RFC 5587, July 2009.

Notes:

There is a bug in the C interfaces for these functions. RFC 5587 section 3.4.6 explains the problem and specifies new types to use instead. This errata makes RFC 5801 use the corrected types.

As far as I understand, there are no technical/implementation implications caused by this change -- it merely helps the compiler check implementations better and (in some cases) it can avoid compiler warnings on application code.

A similar issue was recently discussed in the Kitten WG list.

Errata ID: 2825
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Thomas Maslen
Date Reported: 2011-06-07
Verifier Name: Stephen Farrell
Date Verified: 2013-03-16

Section 5.1 says:

The initiator-address-type and acceptor-address-type fields of the GSS-CHANNEL-BINDINGS structure MUST be set to 0.

It should say:

The initiator-address-type and acceptor-address-type fields of the GSS-CHANNEL-BINDINGS structure MUST be set to 255 (GSS_C_AF_NULLADDR).

Notes:

See RFC 2744, section 3.11, last paragraph: "[...] or omit addressing information, specifying GSS_C_AF_NULLADDR as the address-types".

Appendix A of RFC 2744 specifies that the value of GSS_C_AF_NULLADDR is 255.

Status: Reported (1)

RFC 5801, "Using Generic Security Service Application Program Interface (GSS-API) Mechanisms in Simple Authentication and Security Layer (SASL): The GS2 Mechanism Family", July 2010

Note: This RFC has been updated by RFC 9266

Source of RFC: sasl (sec)

Errata ID: 5081
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Rick van Rein
Date Reported: 2017-08-09

Section 3.1 says:

                                    If any padding or non-alphabet
   characters are encountered, the name is not a GS2 family mechanism
   name.

It should say:

                                    If any padding or non-alphanumerical
   characters are encountered, the name is not a GS2 family mechanism
   name.

Report New Errata