RFC Errata


Found 4 records.

Status: Verified (2)

RFC 5878, "Transport Layer Security (TLS) Authorization Extensions", May 2010

Note: This RFC has been updated by RFC 8447, RFC 8996

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 3512
Status: Verified
Type: Technical
Publication Format(s): TEXT

Reported By: Ben Laurie
Date Reported: 2013-03-08
Verifier Name: Kathleen Moriarty
Date Verified: 2015-06-05

Section 3 says:

struct {
  SupplementalDataType supplemental_data_type;
  select(SupplementalDataType) {
    case authz_data: AuthorizationData;
  }
} SupplementalData;

It should say:

struct {
  SupplementalDataType supp_data_type;
  uint16 supp_data_length;
  select(SupplementalDataType) {
    case authz_data: AuthorizationData;
  }
} SupplementalDataEntry;

supp_data_length: This field is the length (in bytes) of the data selected by SupplementalDataType.

Errata ID: 3513
Status: Verified
Type: Technical
Publication Format(s): TEXT

Reported By: Ben Laurie
Date Reported: 2013-03-08
Verifier Name: Kathleen Moriarty
Date Verified: 2015-06-05

Section 3.3 says:

struct{
  AuthorizationDataEntry authz_data_list<1..2^16-1>;
} AuthorizationData;

It should say:

struct{
  AuthorizationDataEntry authz_data_list[supp_data_length];
} AuthorizationData;

Status: Reported (1)

Errata ID: 3515
Status: Reported
Type: Technical
Publication Format(s): TEXT

Reported By: Ben Laurie
Date Reported: 2013-03-08

Section 3.3 says:

struct {
  AuthzDataFormat authz_format;
  select (AuthzDataFormat) {
    case x509_attr_cert: X509AttrCert;
    case saml_assertion: SAMLAssertion;
    case x509_attr_cert_url: URLandHash;
    case saml_assertion_url: URLandHash;
  }
} AuthorizationDataEntry;

enum {
  x509_attr_cert(0), saml_assertion(1), x509_attr_cert_url(2),
  saml_assertion_url(3), (255)
} AuthzDataFormat;

opaque X509AttrCert<1..2^16-1>;

opaque SAMLAssertion<1..2^16-1>;

struct {
  opaque url<1..2^16-1>;
  HashAlgorithm hash_alg;
  select (hash_alg) {
    case md5: MD5Hash;
    case sha1: SHA1Hash;
    case sha224: SHA224Hash;
    case sha256: SHA256Hash;
    case sha384: SHA384Hash;
    case sha512: SHA512Hash;
  } hash;
} URLandHash;

It should say:

struct {
  AuthzDataFormat authz_format;
  uint16 authz_data_length;
  select (AuthzDataFormat) {
    case x509_attr_cert: X509AttrCert;
    case saml_assertion: SAMLAssertion;
    case x509_attr_cert_url: URLandHash;
    case saml_assertion_url: URLandHash;
  }
} AuthorizationDataEntry;

authz_data_length: This field is the length (in bytes) of the data selected by AuthzDataFormat.

enum {
  x509_attr_cert(0), saml_assertion(1), x509_attr_cert_url(2),
  saml_assertion_url(3), (255)
} AuthzDataFormat;

opaque X509AttrCert[authz_data_length];

opaque SAMLAssertion[authz_data_length];

struct {
  opaque url<1..2^16-1>;
  HashAlgorithm hash_alg;
  select (hash_alg) {
    case md5: MD5Hash;
    case sha1: SHA1Hash;
    case sha224: SHA224Hash;
    case sha256: SHA256Hash;
    case sha384: SHA384Hash;
    case sha512: SHA512Hash;
  } hash;
} URLandHash;

Example: similarly to the example on p. 7, authorization data consisting of an X509 attribute cert and a SAML assertion URL is encoded as

17 # Handshake.msg_type == supplemental_data(23)
00 00 38 # Handshake.length = 56
00 00 53 # length of SupplementalData.supp_data = 53
40 02 # SupplementalDataEntry.supp_data_type = 16386
00 31 # SupplementalDataEntry.supp_data_length = 49
00 # authz_format = x509_attr_cert(0)
00 05 # authz_data_length = 5
aa aa aa aa aa # X509AttrCert fictitious: "aa aa aa aa aa"
01 # authz_format = saml_assertion_url(3)
00 26 # authz_data_length = 38
00 03 # length of URLAndHash url
bb bb bb # url fictitious: "bb bb bb"
04 # hash_alg = sha256(4)
00 01 02 03 # sha256 hash: "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d
04 05 06 07 # 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f"
08 09 0a 0b #
0c 0d 0e 0f #
10 11 12 13 #
14 15 16 17 #
18 19 1a 1b #
1c 1d 1e 1f #

Notes:

Proposed change: Allow opaque parsing of AuthorizationData entries. As AuthorizationData
may be intended for use by applications rather than the handshake itself, it is desirable that TLS
servers and clients be able to parse this data without being aware of its structure.

Status: Held for Document Update (1)

Errata ID: 3514
Status: Held for Document Update
Type: Technical
Publication Format(s): TEXT

Reported By: Ben Laurie
Date Reported: 2013-03-08
Held for Document Update by: Kathleen Moriarty
Date Held: 2015-06-05

Section 3.3 says:

17 # Handshake.msg_type == supplemental_data(23)
00 00 11 # Handshake.length = 17
00 00 0e # length of SupplementalData.supp_data = 14
40 02 # SupplementalDataEntry.supp_data_type = 16386
00 0a # SupplementalDataEntry.supp_data_length = 10
00 08 # length of AuthorizationData.authz_data_list = 8
01 # authz_format = saml_assertion(1)
00 05 # length of SAMLAssertion
aa aa aa aa aa # SAML assertion (fictitious: "aa aa aa aa aa")

It should say:

17 # Handshake.msg_type == supplemental_data(23)
00 00 0f # Handshake.length = 15
00 00 0d # length of SupplementalData.supp_data = 13
40 02 # SupplementalDataEntry.supp_data_type = 16386
00 0a # SupplementalDataEntry.supp_data_length = 8
01 # authz_format = saml_assertion(1)
00 05 # length of SAMLAssertion
aa aa aa aa aa # SAML assertion (fictitious: "aa aa aa aa aa")

Notes:

Per Russ Housley: We do not have an implementation that can be used to check the hex values, but they appear to be correct.
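As an added illustration (this is not code from the errata records or from RFC 5878 itself), the following Python encodes a supplemental_data handshake message in the length-prefixed form that errata 3515 and 3514 propose (a 2-byte supp_data_length, then AuthorizationDataEntry records each carrying a 1-byte authz_format and a 2-byte authz_data_length), deriving every length field from the bytes it wraps, and then parses the message back using only those length fields, which is the opaque parsing the proposal asks for. The constants follow the page's own examples (msg_type 23, supp_data_type 16386, sha256(4)); the function names are this example's own, and the "aa"/"bb" payloads and the 00..1f digest are the page's fictitious values.

```python
import struct

SUPPLEMENTAL_DATA = 23    # Handshake.msg_type supplemental_data(23)
AUTHZ_DATA_TYPE = 0x4002  # SupplementalDataType value 16386 used in the page's examples
X509_ATTR_CERT, SAML_ASSERTION, X509_ATTR_CERT_URL, SAML_ASSERTION_URL = 0, 1, 2, 3
SHA256 = 4                # HashAlgorithm sha256(4)

def encode_url_and_hash(url: bytes, hash_alg: int, digest: bytes) -> bytes:
    # URLandHash: opaque url<1..2^16-1>, then HashAlgorithm and the fixed-size hash
    return struct.pack("!H", len(url)) + url + bytes([hash_alg]) + digest

def encode_authz_entry(authz_format: int, data: bytes) -> bytes:
    # AuthorizationDataEntry per erratum 3515: authz_format(1) + authz_data_length(2) + data
    return bytes([authz_format]) + struct.pack("!H", len(data)) + data

def encode_supplemental_data(entries: list[bytes]) -> bytes:
    # Erratum 3513: authz_data_list is just the concatenated entries, sized by supp_data_length
    authz_data = b"".join(entries)
    supp_entry = struct.pack("!HH", AUTHZ_DATA_TYPE, len(authz_data)) + authz_data
    supp_data = len(supp_entry).to_bytes(3, "big") + supp_entry          # 24-bit length
    return bytes([SUPPLEMENTAL_DATA]) + len(supp_data).to_bytes(3, "big") + supp_data

def parse_authz_entries_opaque(msg: bytes) -> list[tuple[int, bytes]]:
    # Walks the message using only its explicit length fields, so the TLS layer can hand
    # each (authz_format, bytes) pair to the application without knowing the format.
    if len(msg) < 4 or msg[0] != SUPPLEMENTAL_DATA:
        raise ValueError("not a supplemental_data handshake message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("Handshake.length does not match the message size")
    sd = body[3:]
    if len(sd) != int.from_bytes(body[:3], "big"):
        raise ValueError("SupplementalData length does not match")
    entries, pos = [], 0
    while pos < len(sd):
        supp_type = int.from_bytes(sd[pos:pos + 2], "big")
        supp_len = int.from_bytes(sd[pos + 2:pos + 4], "big")
        data, pos = sd[pos + 4:pos + 4 + supp_len], pos + 4 + supp_len
        if pos > len(sd):  # header or body ran past the SupplementalData length
            raise ValueError("SupplementalDataEntry overruns the message")
        if supp_type != AUTHZ_DATA_TYPE:
            continue  # an unknown SupplementalDataType is skipped by its length alone
        i = 0
        while i < len(data):
            fmt, n = data[i], int.from_bytes(data[i + 1:i + 3], "big")
            if i + 3 + n > len(data):  # header or payload ran past authz_data_list
                raise ValueError("authz_data_length overruns the entry")
            entries.append((fmt, data[i + 3:i + 3 + n]))
            i += 3 + n
    return entries
```

Building the page's two-entry example with `encode_supplemental_data([encode_authz_entry(X509_ATTR_CERT, b"\xaa" * 5), encode_authz_entry(SAML_ASSERTION_URL, encode_url_and_hash(b"\xbb" * 3, SHA256, bytes(range(32))))])` yields a 60-byte message whose leading length fields are 00 00 38, 00 00 35 and 00 31, and the parser rejects any message whose length fields disagree with its actual size.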
