[xmpp] [Technical Errata Reported] RFC7711 (6338)

RFC Errata System <rfc-editor@rfc-editor.org> Tue, 17 November 2020 09:15 UTC

To: mamille2@cisco.com, stpeter@mozilla.com, superuser@gmail.com, barryleiba@computer.org, jhildebr@cisco.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: b.lacoste@pepta.net, xmpp@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20201117091535.52713F4074B@rfc-editor.org>
Date: Tue, 17 Nov 2020 01:15:35 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/xmpp/1bRqzRH-wO1T41TP1aCjEi-CSYQ>
Subject: [xmpp] [Technical Errata Reported] RFC7711 (6338)

The following errata report has been submitted for RFC7711,
"PKIX over Secure HTTP (POSH)".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6338

--------------------------------------
Type: Technical
Reported by: Bastien Lacoste <b.lacoste@pepta.net>

Section: 6

Original Text
-------------
The POSH client MUST NOT cache results (reference or fingerprints)
indefinitely.  If the source domain returns a reference, the POSH
client MUST use the lower of the two "expires" values when
determining how long to cache results (i.e., if the reference
"expires" value is lower than the fingerprints "expires" value, honor
the reference "expires" value).  Once the POSH client considers the
results stale, it needs to perform the entire POSH operation again,
starting with the HTTPS GET request to the source domain.  The POSH
client MAY use a lower value than any provided in the "expires"
member(s), or not cache results at all.

Corrected Text
--------------
Add the following:

If the source returns an invalid reference, the POSH client SHALL NOT cache the results (reference or fingerprint) and SHALL perform the entire POSH operation again whenever performing any further retry.

Notes
-----
If the reference is lost (e.g., an X.509 certificate) and the POSH client does not refresh the fingerprint, then it fails until the old fingerprints expire... which will prevent the client from accessing a service because of caching, although the reference was updated on the source domain.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC7711 (draft-ietf-xmpp-posh-06)
--------------------------------------
Title               : PKIX over Secure HTTP (POSH)
Publication Date    : November 2015
Author(s)           : M. Miller, P. Saint-Andre
Category            : PROPOSED STANDARD
Source              : Extensible Messaging and Presence Protocol
Area                : Applications and Real-Time
Stream              : IETF
Verifying Party     : IESG
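The Section 6 caching rule quoted in the report (cache for the lower of the reference and fingerprint "expires" values, redo the whole operation once stale) together with the erratum's proposal (cache nothing after an invalid or missing reference), as an added Python example that is not part of the erratum, the RFC, or any POSH implementation. The URLs, fingerprint value, the `fake_fetch` stand-in for the HTTPS GET, and the rejection of a reference that points to another reference are assumptions of this example.

```python
import json
from typing import Callable, Optional

# Constructed sample documents in the RFC 7711 JSON shape (URLs and fingerprint made up).
# The third source references a document that no longer exists: the erratum's case.
DOCS = {
    "https://spice.example.com/.well-known/posh/xmpp-client.json":
        '{"url": "https://hosting.example.net/.well-known/posh/spice.json", "expires": 86400}',
    "https://hosting.example.net/.well-known/posh/spice.json":
        '{"fingerprints": [{"sha-256": "c29tZS1jb25zdHJ1Y3RlZC1oYXNo"}], "expires": 604800}',
    "https://broken.example.org/.well-known/posh/xmpp-client.json":
        '{"url": "https://hosting.example.net/.well-known/posh/old.json", "expires": 86400}',
}

def fake_fetch(url: str) -> str:
    """Stand-in for the HTTPS GET (assumption); raises like a 404 when the document is gone."""
    if url not in DOCS:
        raise LookupError(f"404 {url}")
    return DOCS[url]

def parse_posh(text: str) -> dict:
    """Validate the shape: positive integer 'expires' plus a 'url' (reference) or 'fingerprints'."""
    doc = json.loads(text)
    if not isinstance(doc, dict):
        raise ValueError("POSH document must be a JSON object")
    exp = doc.get("expires")
    if isinstance(exp, bool) or not isinstance(exp, int) or exp <= 0:
        raise ValueError("expires must be a positive integer")
    if "url" in doc:
        if not str(doc["url"]).startswith("https://"):
            raise ValueError("reference url must be https")
    elif not (isinstance(doc.get("fingerprints"), list) and doc["fingerprints"]):
        raise ValueError("document has neither url nor fingerprints")
    return doc

def resolve_posh(source_url: str, fetch: Callable[[str], str],
                 client_max: Optional[int] = None) -> Optional[dict]:
    """Run the whole POSH operation. Returns {'fingerprints': [...], 'ttl': seconds} to cache,
    or None when anything was invalid: cache nothing, so the next attempt starts from the source."""
    try:
        doc = parse_posh(fetch(source_url))
        ttl = doc["expires"]
        if "url" in doc:                       # reference: follow it exactly once
            target = parse_posh(fetch(doc["url"]))
            if "url" in target:                # assumption: a chained reference is invalid
                raise ValueError("reference to a reference")
            ttl = min(ttl, target["expires"])  # Section 6: the lower of the two expires values
            doc = target
    except (LookupError, ValueError):          # missing document, bad JSON, or bad shape
        return None
    if client_max is not None:
        ttl = min(ttl, client_max)             # Section 6: the client MAY use a lower value
    return {"fingerprints": doc["fingerprints"], "ttl": ttl}
```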