RFC Errata
Found 2 records.
Status: Verified (1)
RFC 4752, "The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism", November 2006
Source of RFC: sasl (sec)
Errata ID: 4863
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Lars Francke
Date Reported: 2016-11-13
Verifier Name: Stephen Farrell
Date Verified: 2017-01-20
Section 3.1 - 3.3 says:
conf_flag
It should say:
conf_req_flag
Notes:
The three sections 3.1, 3.2 and 3.3 refer to a flag "conf_flag" which does not exist in the GSS_Wrap call as specified in RFC 2743 (https://tools.ietf.org/html/rfc2743#page-65). The correct name is "conf_req_flag".
I also looked in the previous version of RFC 2743 -> RFC 2078 but the same applies there.
Status: Held for Document Update (1)
RFC 4752, "The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism", November 2006
Source of RFC: sasl (sec)
Errata ID: 5532
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Borun Song
Date Reported: 2018-10-18
Held for Document Update by: Benjamin Kaduk
Date Held: 2018-10-18
Section 3.2 says:
with the first octet containing a bit-mask specifying the security layers supported by the server and the second through fourth octets containing in network byte order the maximum size output_token the server is able to receive (which MUST be 0 if the server does not support any security layer).
It should say:
with the first octet containing a bit-mask specifying the security layers supported by the server and the second through fourth octets containing in network byte order the maximum size output_message the server is able to receive (which MUST be 0 if the server does not support any security layer).
Notes:
‘output_token’ should be 'output_message' here, since 'output_token' is an output of GSS_Init_sec_context while here we are talking about the maximum data length that GSS_Unwrap (GSS_Wrap of the oppsite side) can handle