[Ace] Re: [Editorial Errata Reported] RFC8392 (7982)

Rebecca VanRheenen <rvanrheenen@amsl.com> Tue, 11 June 2024 16:42 UTC

Return-Path: <rvanrheenen@amsl.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D949C1D5C4E for <ace@ietfa.amsl.com>; Tue, 11 Jun 2024 09:42:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.907
X-Spam-Level:
X-Spam-Status: No, score=-6.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9-qLarB35qNV for <ace@ietfa.amsl.com>; Tue, 11 Jun 2024 09:42:31 -0700 (PDT)
Received: from c8a.amsl.com (c8a.amsl.com [4.31.198.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 888F0C1D4CCB for <ace@ietf.org>; Tue, 11 Jun 2024 09:42:31 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by c8a.amsl.com (Postfix) with ESMTP id 517A2425C237; Tue, 11 Jun 2024 09:42:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from c8a.amsl.com ([127.0.0.1]) by localhost (c8a.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BDTaQvybpaJ8; Tue, 11 Jun 2024 09:42:31 -0700 (PDT)
Received: from [IPv6:2601:641:300:5fb0:b971:e2d8:5589:511a] (unknown [IPv6:2601:641:300:5fb0:b971:e2d8:5589:511a]) by c8a.amsl.com (Postfix) with ESMTPSA id 2DDC5424B427; Tue, 11 Jun 2024 09:42:31 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Rebecca VanRheenen <rvanrheenen@amsl.com>
In-Reply-To: <20240611072654.5BA09204E22@rfcpa.rfc-editor.org>
Date: Tue, 11 Jun 2024 09:42:30 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <55F3EC3D-9E2A-4186-B22D-88C37E2F8484@amsl.com>
References: <20240611072654.5BA09204E22@rfcpa.rfc-editor.org>
To: Paul Wouters <paul.wouters@aiven.io>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Message-ID-Hash: ESXJIM7VK23JC4SUUN3NHGU77TZIIHDJ
X-Message-ID-Hash: ESXJIM7VK23JC4SUUN3NHGU77TZIIHDJ
X-MailFrom: rvanrheenen@amsl.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ace.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: christian@amsuess.com, mbj@microsoft.com, erik@wahlstromstekniska.se, erdtman@spotify.com, Hannes.Tschofenig@arm.com, ace@ietf.org, RFC Editor <rfc-editor@rfc-editor.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Ace] Re: [Editorial Errata Reported] RFC8392 (7982)
List-Id: "Authentication and Authorization for Constrained Environments (ace)" <ace.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/h88LMY7F2KpBJw3O9_SfcmvoSqg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Owner: <mailto:ace-owner@ietf.org>
List-Post: <mailto:ace@ietf.org>
List-Subscribe: <mailto:ace-join@ietf.org>
List-Unsubscribe: <mailto:ace-leave@ietf.org>

Hi Paul,

We are unable to verify this erratum that the submitter marked as editorial, so we changed the Type to “Technical”. As Stream Approver, please review and set the Status and Type accordingly (see the definitions at https://www.rfc-editor.org/errata-definitions/)

You may review the report at: 
https://www.rfc-editor.org/errata/eid7982

Information on how to verify errata reports can be found at: 
https://www.rfc-editor.org/how-to-verify/

Further information on errata can be found at: 
https://www.rfc-editor.org/errata.php

Thank you.

RFC Editor/rv


> On Jun 11, 2024, at 12:26 AM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> 
> The following errata report has been submitted for RFC8392,
> "CBOR Web Token (CWT)".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7982
> 
> --------------------------------------
> Type: Editorial
> Reported by: Christian Amsüss <christian@amsuess.com>
> 
> Section: A.2.2
> 
> Original Text
> -------------
>     / kid /  4: h'53796d6d6574726963323536' / 'Symmetric256' /,
> 
> Corrected Text
> --------------
>     / kid /  2: h'53796d6d6574726963323536' / 'Symmetric256' /,
> 
> Notes
> -----
> The hex above the diagnostic notation encodes for index 2 before the 'Symmetric256' value. The use of CBOR value 2 to mean "kid" is also consistent with the examples around it.
> 
> As this is a mix-up between the "kid" key from COSE Key Common Parameters and COSE Header parameters, a check through the whole document for whether the right numeric values are used might be due. The use of 2 here and 4 in A.3 and A.4 seems right to me -- but I keep mixing those up myself, which was why I was looking into this example in the first place.
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". (If it is spam, it 
> will be removed shortly by the RFC Production Center.) Please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party  
> will log in to change the status and edit the report, if necessary.
> 
> --------------------------------------
> RFC8392 (draft-ietf-ace-cbor-web-token-15)
> --------------------------------------
> Title               : CBOR Web Token (CWT)
> Publication Date    : May 2018
> Author(s)           : M. Jones, E. Wahlstroem, S. Erdtman, H. Tschofenig
> Category            : PROPOSED STANDARD
> Source              : Authentication and Authorization for Constrained Environments
> Stream              : IETF
> Verifying Party     : IESG
>