RFC Errata
Found 2 records.
Status: Verified (1)
RFC 8613, "Object Security for Constrained RESTful Environments (OSCORE)", July 2019
Source of RFC: core (wit)
Errata ID: 8229
Status: Verified
Type: Editorial
Publication Format(s): TEXT
Reported By: Marco Tiloca
Date Reported: 2025-01-03
Verifier Name: RFC Editor
Date Verified: 2025-01-03
Section 7.3 says:
Note that the message binding does not guarantee that a misbehaving server created the response before receiving the request, i.e., it does not verify server aliveness.
It should say:
Note that the message binding does not prevent a misbehaving server from creating the response before receiving the request, i.e., OSCORE does not verify server aliveness.
Notes:
The original text should have said "does not guarantee that a misbehaving server did not create", so a negation was missing. The new text addresses that, using "prevent" instead of "guarantee" in order to avoid a double negation.
Status: Reported (1)
RFC 8613, "Object Security for Constrained RESTful Environments (OSCORE)", July 2019
Source of RFC: core (wit)
Errata ID: 8230
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: Marco Tiloca
Date Reported: 2025-01-03
Section 8.4 says:
If either the decompression or the COSE message fails to decode, then go to 8.
It should say:
If the decompression fails, or the Recipient Context is unusable or invalid, or the COSE message fails to decode, then go to 8.
Notes:
There is currently no definition of "invalid" Security Context. Any later update on this can build on https://datatracker.ietf.org/doc/draft-ietf-core-oscore-key-limits/