RFC Errata
RFC 9203, "The Object Security for Constrained RESTful Environments (OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework", August 2022
Source of RFC: ace (sec)
Errata ID: 8678
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: Marco Tiloca
Date Reported: 2025-12-16
Section 4.2 says:
As specified in Section 5.8.3 of [RFC9200], the RS must notify the client with an error response with code 4.01 (Unauthorized) for any long running request before terminating the session, when the access token expires.
It should say:
As specified in Section 5.10.3 of [RFC9200], the RS must notify the client with an error response with code 4.01 (Unauthorized) for any long running request before terminating the session, when the access token expires.
Notes:
The quoted text from Section 4.2 of RFC 9203 defines interactions between the client and the RS.
However, the referred Section 5.8.3 of RFC 9200 is about error responses for interactions with the AS.
The right section of RFC 9200 to refer to is instead 5.10.3, which says:
"If a token that authorizes a long-running request, such as a CoAP Observe [RFC7641], expires, the RS MUST send an error response with the response code equivalent to the CoAP code 4.01 (Unauthorized) to the client and then terminate processing the long-running request."
