Re: [http-auth] [Technical Errata Reported] RFC7804 (5496)
Alexey Melnikov <alexey.melnikov@isode.com> Sat, 08 September 2018 20:51 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D8DF130DDA for <http-auth@ietfa.amsl.com>; Sat, 8 Sep 2018 13:51:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e1tX2lTVX94x for <http-auth@ietfa.amsl.com>; Sat, 8 Sep 2018 13:51:15 -0700 (PDT)
Received: from statler.isode.com (Statler.isode.com [62.232.206.189]) by ietfa.amsl.com (Postfix) with ESMTP id DDBA8126CC7 for <http-auth@ietf.org>; Sat, 8 Sep 2018 13:51:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1536439874; d=isode.com; s=june2016; i=@isode.com; bh=kQaz51ToXh5X3oq/sLPKIMvPB/U+0PqdqUk5WkYtTqQ=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=cb6n91bkPhtEOMkRhb5jucnG20JsfA2mHKjXFZ7BjZFwfNf2B2wbpkR421WFrTyKLGmgc4 bykdHhnIz7SCoOQ09TOZB38sYqDObmo9MWz/mbJzJTvoanF+va/tTLyLKDYV0yOhu5sEhZ rJvZPPZgv/W4eme6EU5INmEbyXw82B4=;
Received: from [192.168.0.7] (cpc121086-nmal24-2-0-cust54.19-2.cable.virginm.net [77.97.145.55]) by statler.isode.com (submission channel) via TCP with ESMTPSA id <W5Q2QAAMFlvy@statler.isode.com>; Sat, 8 Sep 2018 21:51:13 +0100
To: RFC Errata System <rfc-editor@rfc-editor.org>, kaduk@mit.edu, ekr@rtfm.com, ynir.ietf@gmail.com, rifaat.ietf@gmail.com
Cc: poccil14@gmail.com, http-auth@ietf.org
References: <20180908135146.08ECDB82672@rfc-editor.org>
From: Alexey Melnikov <alexey.melnikov@isode.com>
Openpgp: preference=signencrypt
Message-ID: <eb57caf6-d915-607c-e328-76fa3470bd10@isode.com>
Date: Sat, 08 Sep 2018 21:51:15 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
In-Reply-To: <20180908135146.08ECDB82672@rfc-editor.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-auth/iNVh42HGZKYsfZatcR_6hP4Y_QY>
Subject: Re: [http-auth] [Technical Errata Reported] RFC7804 (5496)
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Sep 2018 20:51:17 -0000
This looks correct to me. On 08/09/2018 14:51, RFC Errata System wrote: > The following errata report has been submitted for RFC7804, > "Salted Challenge Response HTTP Authentication Mechanism". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata/eid5496 > > -------------------------------------- > Type: Technical > Reported by: Peter Occil <poccil14@gmail.com> > > Section: 2.2 > > Original Text > ------------- > o Normalize(str): Apply the Preparation and Enforcement steps > according to the OpaqueString profile (see [RFC7613]) to a UTF-8 > [RFC3629] encoded "str". The resulting string is also in UTF-8. > Note that implementations MUST either implement OpaqueString > profile operations from [RFC7613] or disallow the use of non > US-ASCII Unicode codepoints in "str". The latter is a particular > case of compliance with [RFC7613]. > > > Corrected Text > -------------- > o Normalize(str): Apply the Preparation and Enforcement steps > according to the OpaqueString profile (see [RFC7613]) to a UTF-8 > [RFC3629] encoded "str". The resulting string is also in UTF-8. > Note that implementations MUST either implement OpaqueString > profile operations from [RFC7613] or disallow the use of Unicode > codepoints not ranging from U+0020 to U+007E in "str". The latter > is a particular case of compliance with [RFC7613]. > > > Notes > ----- > Control code points (including the ASCII controls U+0000 to U+001F as well as U+007F) are disallowed in the PRECIS FreeformClass, which the OpaqueString profile uses. Thus it's not enough to just disallow non-US-ASCII codepoints (rather than implement the full OpaqueString profile) to comply with a subset of the OpaqueString profile. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC7804 (draft-ietf-httpauth-scram-auth-15) > -------------------------------------- > Title : Salted Challenge Response HTTP Authentication Mechanism > Publication Date : March 2016 > Author(s) : A. Melnikov > Category : EXPERIMENTAL > Source : Hypertext Transfer Protocol Authentication > Area : Security > Stream : IETF > Verifying Party : IESG >
- [http-auth] [Technical Errata Reported] RFC7804 (… RFC Errata System
- Re: [http-auth] [Technical Errata Reported] RFC78… Benjamin Kaduk
- Re: [http-auth] [Technical Errata Reported] RFC78… Alexey Melnikov
- Re: [http-auth] [Technical Errata Reported] RFC78… Benjamin Kaduk