RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Verified (2)

RFC 7469, "Public Key Pinning Extension for HTTP", April 2015

Source of RFC: websec (app)

Errata ID: 4354

Status: Verified
Type: Technical

Reported By: Kirit Saelensminde
Date Reported: 2015-05-04
Verifier Name: Barry Leiba
Date Verified: 2015-05-05

Section 3 says:

   As in Section 2.4, the token refers to the algorithm name, and the
   quoted-string refers to the base64 encoding of the SPKI Fingerprint.
   When formulating the JSON POST body, the UA MUST either use single-
   quoted JSON strings or use double-quoted JSON strings and backslash-
   escape the embedded double quotes in the quoted-string part of the
   known-pin.

....

      'pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM="',




It should say:

   As in Section 2.4, the token refers to the algorithm name, and the
   quoted-string refers to the base64 encoding of the SPKI Fingerprint.
   When formulating the JSON POST body, the UA MUST use double-quoted
   JSON strings and backslash-escape the embedded double quotes in the
   quoted-string part of the known-pin.

....

      "pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\"",




Notes:

This RFC seems to think that single quotes are permissible in JSON. This is not the case. See http://tools.ietf.org/html/rfc7159#section-7

Errata ID: 4658

Status: Verified
Type: Editorial

Reported By: Jxck
Date Reported: 2016-04-08
Verifier Name: Barry Leiba
Date Verified: 2016-04-08

Section 3. Reporting Pin Validation Failure says:

  {
    "date-time": "2014-04-06T13:00:50Z",
    "hostname": "www.example.com",
    "port": 443,
    "effective-expiration-date": "2014-05-01T12:40:50Z"

It should say:

  {
    "date-time": "2014-04-06T13:00:50Z",
    "hostname": "www.example.com",
    "port": 443,
    "effective-expiration-date": "2014-05-01T12:40:50Z",
 

Notes:

Missing comma after "effective-expiration-date": "2014-05-01T12:40:50Z" in JSON at Figure 8: Pin Validation Failure Report Example

Report New Errata



Search RFCs
Advanced Search
×