RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Verified (1)

RFC 8613, "Object Security for Constrained RESTful Environments (OSCORE)", July 2019

Source of RFC: core (wit)

Errata ID: 8229
Status: Verified
Type: Editorial
Publication Format(s) : TEXT

Reported By: Marco Tiloca
Date Reported: 2025-01-03
Verifier Name: RFC Editor
Date Verified: 2025-01-03

Section 7.3 says:

Note that the message binding does not guarantee that a misbehaving
server created the response before receiving the request, i.e., it
does not verify server aliveness.

It should say:

Note that the message binding does not prevent a misbehaving
server from creating the response before receiving the request, i.e.,
OSCORE does not verify server aliveness.

Notes:

The original text should have said "does not guarantee that a misbehaving server did not create", so a negation was missing. The new text addresses that, using "prevent" instead of "guarantee" in order to avoid a double negation.

Status: Reported (1)

RFC 8613, "Object Security for Constrained RESTful Environments (OSCORE)", July 2019

Source of RFC: core (wit)

Errata ID: 8230
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Marco Tiloca
Date Reported: 2025-01-03

Section 8.4 says:

If either the decompression or the COSE message fails to decode,
then go to 8.

It should say:

If the decompression fails, or the Recipient Context is
unusable or invalid, or the COSE message fails to decode,
then go to 8.

Notes:

There is currently no definition of "invalid" Security Context. Any later update on this can build on https://datatracker.ietf.org/doc/draft-ietf-core-oscore-key-limits/

Report New Errata



Advanced Search