RFC Errata
Found 2 records.
Status: Verified (1)
RFC 4462, "Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol", May 2006
Note: This RFC has been updated by RFC 8732, RFC 9142
Source of RFC: secsh (sec)
Errata ID: 4684
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Dave Thompson
Date Reported: 2016-05-05
Verifier Name: Benjamin Kaduk
Date Verified: 2020-02-14
Section 8 says:
The family of SSH key exchange method names beginning with "gss- group1-sha1-" and not containing the at-sign ('@'), to name the key exchange methods defined in Section 2.3.
It should say:
The family of SSH key exchange method names beginning with "gss- group1-sha1-" and not containing the at-sign ('@'), to name the key exchange methods defined in Section 2.3. The family of SSH key exchange method names beginning with "gss- group14-sha1-" and not containing the at-sign ('@'), to name the key exchange methods defined in Section 2.4.
Notes:
The group14-sha1 family of key exchange method names was not listed in the IANA considerations as being registered. The registration is (already) correct in http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16
Status: Held for Document Update (1)
RFC 4462, "Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol", May 2006
Note: This RFC has been updated by RFC 8732, RFC 9142
Source of RFC: secsh (sec)
Errata ID: 1621
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Ben Harris
Date Reported: 2008-11-25
Held for Document Update by: Pasi Eronen
Section 9 says:
In order for the "external-keyx" user authentication method to be used, it MUST have access to user authentication information obtained as a side-effect of the key exchange. If this information is unavailable, the authentication MUST fail.
It should say:
In order for the "gssapi-keyex" user authentication method to be used, it MUST have access to user authentication information obtained as a side-effect of the key exchange. If this information is unavailable, the authentication MUST fail.
Notes:
As mentioned in section 8, the "external-keyx" name was used by an earlier version of thespec, but got replaced by "gssapi-keyex" before publication.