RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Verified (1)

RFC 6218, "Cisco Vendor-Specific RADIUS Attributes for the Delivery of Keying Material", April 2011

Source of RFC: INDEPENDENT

Errata ID: 5178
Status: Verified
Type: Editorial
Publication Format(s) : TEXT

Reported By: Yogesh Kumar Bansal
Date Reported: 2017-11-06
Verifier Name: Adrian Farrel
Date Verified: 2018-04-08

Section 3.3 says:

MAC = MAC-ALG(Key, Type + Identifier + Length + Attributes)
               where ’+’ represents concatenation

It should say:

MAC = HASH-ALG(Key, Type + Identifier + Length + Attributes)
               where ’+’ represents concatenation

Notes:

HASH-ALG is the name of a free variable for the hash algorithm.

Status: Reported (1)

RFC 6218, "Cisco Vendor-Specific RADIUS Attributes for the Delivery of Keying Material", April 2011

Source of RFC: INDEPENDENT

Errata ID: 8095
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Manjiri Gadagkar
Date Reported: 2024-09-06

Section 3.3 says:

            For responses (e.g., CoA-ACK [RFC5176], Accounting-Response
            [RFC2866], etc.), the value of the MAC field is a hash of
            the entire packet except the Response Authenticator in the
            header of the RADIUS packet using a shared secret as the
            key, as follows.

            MAC = HASH-ALG(Key, Type + Identifier + Length + Attributes)

It should say:

            For responses (e.g., CoA-ACK [RFC5176], Accounting-Response
            [RFC2866], etc.), the value of the MAC field is a hash
            calculated using the Request Authenticator from the request
            this packet is in reply to and a shared secret as the key
            as follows.

            MAC = HASH-ALG(Key, Type + Identifier + Length + Request
               Authenticator + Attributes)

Notes:

Parity with RFC 3579 section 3.2

For Access-Challenge, Access-Accept, and Access-Reject packets,
the Message-Authenticator is calculated as follows, using the
Request-Authenticator from the Access-Request this packet is in
reply to:

Message-Authenticator = HMAC-MD5 (Type, Identifier, Length,
Request Authenticator, Attributes)

Report New Errata



Advanced Search