[Ace] [Editorial Errata Reported] RFC8392 (7982)

RFC Errata System <rfc-editor@rfc-editor.org> Tue, 11 June 2024 07:26 UTC

The following errata report has been submitted for RFC8392,
"CBOR Web Token (CWT)".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7982

--------------------------------------
Type: Editorial
Reported by: Christian Amsüss <christian@amsuess.com>

Section: A.2.2

Original Text
-------------
     / kid /  4: h'53796d6d6574726963323536' / 'Symmetric256' /,

Corrected Text
--------------
     / kid /  2: h'53796d6d6574726963323536' / 'Symmetric256' /,

Notes
-----
The hex above the diagnostic notation encodes for index 2 before the 'Symmetric256' value. The use of CBOR value 2 to mean "kid" is also consistent with the examples around it.

As this is a mix-up between the "kid" key from COSE Key Common Parameters and COSE Header parameters, a check through the whole document for whether the right numeric values are used might be due. The use of 2 here and 4 in A.3 and A.4 seems right to me -- but I keep mixing those up myself, which was why I was looking into this example in the first place.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it 
will be removed shortly by the RFC Production Center.) Please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC8392 (draft-ietf-ace-cbor-web-token-15)
--------------------------------------
Title               : CBOR Web Token (CWT)
Publication Date    : May 2018
Author(s)           : M. Jones, E. Wahlstroem, S. Erdtman, H. Tschofenig
Category            : PROPOSED STANDARD
Source              : Authentication and Authorization for Constrained Environments
Stream              : IETF
Verifying Party     : IESG
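
Added example, not part of the errata report or of RFC 8392: a small decoder showing why the label matters, since the same integer names a different parameter in the COSE Key Common Parameters registry (kid = 2, key_ops = 4) than in the COSE Header Parameters registry (crit = 2, kid = 4). The function names and both sample maps are constructed for illustration; only the kid bytes come from the report.

```python
KEY_LABELS = {1: "kty", 2: "kid", 3: "alg", 4: "key_ops", 5: "Base IV"}      # COSE Key Common Parameters
HEADER_LABELS = {1: "alg", 2: "crit", 3: "content type", 4: "kid", 5: "IV"}  # COSE Header Parameters

def _head(buf, i):
    """Return (major type, argument, next offset) for the item at buf[i]."""
    if i >= len(buf):
        raise ValueError("truncated input")
    major, info = buf[i] >> 5, buf[i] & 0x1F
    if info > 27:
        raise ValueError("indefinite or reserved length not supported")
    n = 0 if info < 24 else 1 << (info - 24)   # argument bytes that follow
    if i + 1 + n > len(buf):
        raise ValueError("truncated input")
    arg = info if n == 0 else int.from_bytes(buf[i + 1:i + 1 + n], "big")
    return major, arg, i + 1 + n

def decode(buf, i=0):
    """Decode one uint, negative int, bstr, tstr or map; return (value, next offset)."""
    major, arg, i = _head(buf, i)
    if major in (0, 1):
        return (arg if major == 0 else -1 - arg), i
    if major in (2, 3):
        if i + arg > len(buf):
            raise ValueError("truncated input")
        raw = bytes(buf[i:i + arg])
        return (raw if major == 2 else raw.decode("utf-8")), i + arg
    if major == 5:
        out = {}
        for _ in range(arg):
            key, i = decode(buf, i)
            out[key], i = decode(buf, i)
        return out, i
    raise ValueError(f"major type {major} not handled in this example")

def named(map_bytes, labels):
    """Decode one CBOR map and rename its integer labels using one registry."""
    m, end = decode(map_bytes)
    if not isinstance(m, dict) or end != len(map_bytes):
        raise ValueError("expected exactly one CBOR map")
    return {labels.get(k, k): v for k, v in m.items()}

KID = bytes.fromhex("53796d6d6574726963323536")  # 'Symmetric256', from the erratum
# Constructed samples (not the RFC's bytes): COSE_Key {1: 4, 2: KID, -1: 32 zero bytes}
COSE_KEY = bytes.fromhex("a30104024c") + KID + bytes.fromhex("205820") + bytes(32)
HEADER = bytes.fromhex("a20105044c") + KID  # constructed header map {1: 5, 4: KID}

if __name__ == "__main__":
    print(named(COSE_KEY, KEY_LABELS))   # kid under label 2
    print(named(HEADER, KEY_LABELS))     # wrong registry: label 4 reads as key_ops
```

Reading a map with the wrong registry does not fail loudly: the kid bytes surface under another parameter name and a lookup for "kid" comes back empty.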