RFC Errata
Found 2 records.
Status: Verified (1)
RFC 6218, "Cisco Vendor-Specific RADIUS Attributes for the Delivery of Keying Material", April 2011
Source of RFC: INDEPENDENT
Errata ID: 5178
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Yogesh Kumar Bansal
Date Reported: 2017-11-06
Verifier Name: Adrian Farrel
Date Verified: 2018-04-08
Section 3.3 says:
MAC = MAC-ALG(Key, Type + Identifier + Length + Attributes) where ’+’ represents concatenation
It should say:
MAC = HASH-ALG(Key, Type + Identifier + Length + Attributes) where ’+’ represents concatenation
Notes:
HASH-ALG is the name of a free variable for the hash algorithm.
Status: Reported (1)
RFC 6218, "Cisco Vendor-Specific RADIUS Attributes for the Delivery of Keying Material", April 2011
Source of RFC: INDEPENDENT
Errata ID: 8095
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Manjiri Gadagkar
Date Reported: 2024-09-06
Section 3.3 says:
For responses (e.g., CoA-ACK [RFC5176], Accounting-Response [RFC2866], etc.), the value of the MAC field is a hash of the entire packet except the Response Authenticator in the header of the RADIUS packet using a shared secret as the key, as follows. MAC = HASH-ALG(Key, Type + Identifier + Length + Attributes)
It should say:
For responses (e.g., CoA-ACK [RFC5176], Accounting-Response [RFC2866], etc.), the value of the MAC field is a hash calculated using the Request Authenticator from the request this packet is in reply to and a shared secret as the key as follows. MAC = HASH-ALG(Key, Type + Identifier + Length + Request Authenticator + Attributes)
Notes:
Parity with RFC 3579 section 3.2
For Access-Challenge, Access-Accept, and Access-Reject packets,
the Message-Authenticator is calculated as follows, using the
Request-Authenticator from the Access-Request this packet is in
reply to:
Message-Authenticator = HMAC-MD5 (Type, Identifier, Length,
Request Authenticator, Attributes)