RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 1 record.

Status: Verified (1)

RFC 7542, "The Network Access Identifier", May 2015

Source of RFC: radext (sec)

Errata ID: 5462
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Alan DeKok
Date Reported: 2018-08-14
Verifier Name: Benjamin Kaduk
Date Verified: 2019-12-11

Section 3 says:

The "utf8-realm" SHOULD be supplied by the "next hop" or "home"
system that also supplies the routing information necessary for
packets to reach the next hop.

It should say:

The "utf8-realm" SHOULD be supplied by the "next hop" or "home"
system that also supplies the routing information necessary for
packets to reach the next hop.

The final home system SHOULD validate the NAI in the received packet
against the list of Realms hosted by the home system.  If no match
is found, the request SHOULD be rejected.

Notes:

It doesn't explicitly say that home systems only authenticate users for their own realms. It may help to have this stated explicitly.

Some text will also be added to draft-ietf-radext-coa-proxy in order to make this clearer.

Report New Errata



Advanced Search