[Ace] Fwd: [Editorial Errata Reported] RFC8392 (7982)

Paul Wouters <paul.wouters@aiven.io> Tue, 11 June 2024 18:02 UTC

Return-Path: <paul.wouters@aiven.io>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57F36C1DA1D3 for <ace@ietfa.amsl.com>; Tue, 11 Jun 2024 11:02:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N_nqUxeNRZpV for <ace@ietfa.amsl.com>; Tue, 11 Jun 2024 11:02:42 -0700 (PDT)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A599C1D6FA1 for <ace@ietf.org>; Tue, 11 Jun 2024 11:02:42 -0700 (PDT)
Received: by mail-ej1-x635.google.com with SMTP id a640c23a62f3a-a6f0e153eddso400216566b.0 for <ace@ietf.org>; Tue, 11 Jun 2024 11:02:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; t=1718128960; x=1718733760; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=j8Yyd43sp4g9YCCxqoTGEhzrDRB7itzCHz4yycJHV0U=; b=VdqfVr9XL/cF8Tf4Lzx45IFCUmChX2Mxos4217qwr5yLYeFyvDOkQUQd/eVz/y5RSJ MP8eu+8gGFdeET5Osr/Ose4eiqfz0ZpnKHa+dg7+yQDrTk+y/R2MECQfUP5Yvgb2I8j4 fqehtfgt776VMabQVi4yeQDiHZkeuT7gBVJ3Y=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718128960; x=1718733760; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=j8Yyd43sp4g9YCCxqoTGEhzrDRB7itzCHz4yycJHV0U=; b=YGKKz3YtOb6Wni37Vo/UU8ZoK1a4bLB5pAEMZ7P454D0I8fftZ+y0MxrfTIjBmKVnm Vds6jwO76yrjFw/Gks/DfJmqOoDOSdctGuz5RUI1LFL445gfr/aN+ClhILX0fxh9CnD7 6fxzOcgRw998y+JJKlWypLEP9KmIoKzPPtnTkhfNZYb16ZNo9J8I0j4vrLVOQ5Z7du58 tqGsjAfkSeIYfeTNHw4SjnOUPsQiJ4RRpGn3UNtprg0nR79bwiRx3QWPsj5qVf4ulrfQ eWWEZoRvkAkELvNyBfVkBOVuR6YwzzclOWlzXjPOLLBP+TC2cF9VT4GbANhfSgRLPNMD DhqQ==
X-Gm-Message-State: AOJu0YyLvBjjjoG/feUi3bD1c/DwPl3ryOi+jXz+4I1AWJqxG4DvtrkN YBFbTp+du2SCiqVh/Y3NYdrSF3qyhN2fuqqRda+uFnuSRD7qr2PZKCnb9bb+GIzx+WhkiYy1oMJ lSgnQNAE8oQxTqYgtUfcriwHPrz3/CJsApGRHr0kJNPQ3fkEQ
X-Google-Smtp-Source: AGHT+IGhOgx1dZC8SOOJlYvkycJxMZGF83iv5Ph2hjaZsSJaJlDB1Lx7M84XaeA3PR7Rt71rnRbL/gn1hZ/L/YfHNuk=
X-Received: by 2002:a17:907:7e9d:b0:a6f:17a9:947a with SMTP id a640c23a62f3a-a6f17a9f1bemr514673166b.71.1718128960490; Tue, 11 Jun 2024 11:02:40 -0700 (PDT)
MIME-Version: 1.0
References: <20240611072654.5BA09204E22@rfcpa.rfc-editor.org> <55F3EC3D-9E2A-4186-B22D-88C37E2F8484@amsl.com>
In-Reply-To: <55F3EC3D-9E2A-4186-B22D-88C37E2F8484@amsl.com>
From: Paul Wouters <paul.wouters@aiven.io>
Date: Tue, 11 Jun 2024 14:02:28 -0400
Message-ID: <CAGL5yWaxTLx3GywDAeMOvGof+BNc5DVzRXQYvLqq2Jar4jZZUw@mail.gmail.com>
To: Ace Wg <ace@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005e6dc6061aa11231"
Message-ID-Hash: SJOPVUSVMOLUWOVAQ2XL63OM667TRBHB
X-Message-ID-Hash: SJOPVUSVMOLUWOVAQ2XL63OM667TRBHB
X-MailFrom: paul.wouters@aiven.io
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ace.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Ace] Fwd: [Editorial Errata Reported] RFC8392 (7982)
List-Id: "Authentication and Authorization for Constrained Environments (ace)" <ace.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/mEb62WhyHKyuBLJID1CWXd5q2ps>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Owner: <mailto:ace-owner@ietf.org>
List-Post: <mailto:ace@ietf.org>
List-Subscribe: <mailto:ace-join@ietf.org>
List-Unsubscribe: <mailto:ace-leave@ietf.org>

Any volunteers to confirm this errata and check the entire RFC for similar
errors ? :)

Paul



> On Jun 11, 2024, at 12:26 AM, RFC Errata System <rfc-editor@rfc-editor.org>
wrote:
>
> The following errata report has been submitted for RFC8392,
> "CBOR Web Token (CWT)".
>
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7982
>
> --------------------------------------
> Type: Editorial
> Reported by: Christian Amsüss <christian@amsuess.com>
>
> Section: A.2.2
>
> Original Text
> -------------
>     / kid /  4: h'53796d6d6574726963323536' / 'Symmetric256' /,
>
> Corrected Text
> --------------
>     / kid /  2: h'53796d6d6574726963323536' / 'Symmetric256' /,
>
> Notes
> -----
> The hex above the diagnostic notation encodes for index 2 before the
'Symmetric256' value. The use of CBOR value 2 to mean "kid" is also
consistent with the examples around it.
>
> As this is a mix-up between the "kid" key from COSE Key Common Parameters
and COSE Header parameters, a check through the whole document for whether
the right numeric values are used might be due. The use of 2 here and 4 in
A.3 and A.4 seems right to me -- but I keep mixing those up myself, which
was why I was looking into this example in the first place.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". (If it is spam, it
> will be removed shortly by the RFC Production Center.) Please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> will log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC8392 (draft-ietf-ace-cbor-web-token-15)
> --------------------------------------
> Title               : CBOR Web Token (CWT)
> Publication Date    : May 2018
> Author(s)           : M. Jones, E. Wahlstroem, S. Erdtman, H. Tschofenig
> Category            : PROPOSED STANDARD
> Source              : Authentication and Authorization for Constrained
Environments
> Stream              : IETF
> Verifying Party     : IESG
>