Hello Paul and ACE, I have checked this reported erratum and all the examples in Appendix A.
* First off, I think that the fix proposed in this reported erratum is correct.
* I believe that there is another error, exactly in the same example of Appendix A.2.2.
Consistent with the intention of this example, the diagnostic notation in Figure 7 shows the map entry:

/ alg / 3: 4 / HMAC 256/64 /

However, the last 2 bytes of the hex encoding in Figure 6 are 0x030a (maybe they were simply copy-pasted from the previous example in Appendix A.2.1), which in the diagnostic notation would result in the map entry:

/ alg / 3: 10 / AES-CCM-16-64-128 /

That is, I believe that the hex encoding in Figure 6 should be fixed as follows:

OLD:
a4205820403697de87af64611c1d32a05dab0fe1fcb715a86ab435f1ec99192d
795693880104024c53796d6d6574726963323536030a

NEW:
a4205820403697de87af64611c1d32a05dab0fe1fcb715a86ab435f1ec99192d
795693880104024c53796d6d65747269633235360304

* All the other examples in Appendix A look correct to me, after taking into account the already approved erratum at [1] related to Appendix A.3.
Best,
/Marco

[1] https://www.rfc-editor.org/errata/eid5852

On 2024-06-11 20:02, Paul Wouters wrote:
Any volunteers to confirm this errata and check the entire RFC for similar errors? :)

Paul

> On Jun 11, 2024, at 12:26 AM, RFC Errata System <rfc-edi...@rfc-editor.org> wrote:
>
> The following errata report has been submitted for RFC8392,
> "CBOR Web Token (CWT)".
>
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7982
>
> --------------------------------------
> Type: Editorial
> Reported by: Christian Amsüss <christ...@amsuess.com>
>
> Section: A.2.2
>
> Original Text
> -------------
> / kid / 4: h'53796d6d6574726963323536' / 'Symmetric256' /,
>
> Corrected Text
> --------------
> / kid / 2: h'53796d6d6574726963323536' / 'Symmetric256' /,
>
> Notes
> -----
> The hex above the diagnostic notation encodes for index 2 before the 'Symmetric256' value. The use of CBOR value 2 to mean "kid" is also consistent with the examples around it.
>
> As this is a mix-up between the "kid" key from COSE Key Common Parameters and COSE Header parameters, a check through the whole document for whether the right numeric values are used might be due. The use of 2 here and 4 in A.3 and A.4 seems right to me -- but I keep mixing those up myself, which was why I was looking into this example in the first place.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". (If it is spam, it
> will be removed shortly by the RFC Production Center.) Please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> will log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC8392 (draft-ietf-ace-cbor-web-token-15)
> --------------------------------------
> Title : CBOR Web Token (CWT)
> Publication Date : May 2018
> Author(s) : M. Jones, E. Wahlstroem, S. Erdtman, H. Tschofenig
> Category : PROPOSED STANDARD
> Source : Authentication and Authorization for Constrained Environments
> Stream : IETF
> Verifying Party : IESG

_______________________________________________
Ace mailing list -- ace@ietf.org
To unsubscribe send an email to ace-le...@ietf.org
--
Marco Tiloca
Ph.D., Senior Researcher

Phone: +46 (0)70 60 46 501

RISE Research Institutes of Sweden AB
Box 1263
164 29 Kista (Sweden)

Division: Digital Systems
Department: Computer Science
Unit: Cybersecurity

https://www.ri.se
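
The check described in the message above can be reproduced by decoding both hex strings and comparing the `alg` entry. This is an added example, not code from the message or from RFC 8392; the function names are hypothetical, and the decoder covers only the definite-length CBOR subset a COSE_Key like this one uses (integers, byte/text strings, maps).

```python
# Hex strings are the OLD/NEW values quoted in the message above.
COMMON = ("a4205820403697de87af64611c1d32a05dab0fe1fcb715a86ab435f1ec99192d"
          "795693880104024c53796d6d6574726963323536")
OLD_HEX = COMMON + "030a"  # Figure 6 as published
NEW_HEX = COMMON + "0304"  # Figure 6 with the fix proposed in the message
KEY_LABELS = {1: "kty", 2: "kid", 3: "alg", -1: "k"}  # COSE_Key labels, RFC 8152
ALG_NAMES = {4: "HMAC 256/64", 10: "AES-CCM-16-64-128"}  # as named in the message


def decode_item(buf, pos=0):
    """Decode one definite-length CBOR item at buf[pos]; return (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR input")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    # info < 24 carries the argument inline; 24..27 mean 1/2/4/8 following bytes.
    width = {24: 1, 25: 2, 26: 4, 27: 8}.get(info, 0)
    if info > 27 or pos + width > len(buf):
        raise ValueError("unsupported or truncated length")
    arg = info if info < 24 else int.from_bytes(buf[pos:pos + width], "big")
    pos += width
    if major in (0, 1):  # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):  # byte string / text string
        if pos + arg > len(buf):
            raise ValueError("truncated string")
        raw = buf[pos:pos + arg]
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major == 5:  # map of arg key/value pairs
        out = {}
        for _ in range(arg):
            key, pos = decode_item(buf, pos)
            out[key], pos = decode_item(buf, pos)
        return out, pos
    raise ValueError(f"major type {major} not supported")


def decode_cose_key(hex_str):
    data = bytes.fromhex(hex_str)  # fromhex ignores the space in the quoted hex
    key, end = decode_item(data)
    if not isinstance(key, dict) or end != len(data):
        raise ValueError("not a single CBOR map, or trailing bytes present")
    return {KEY_LABELS.get(k, k): v for k, v in key.items()}


if __name__ == "__main__":
    for name, hx in (("OLD", OLD_HEX), ("NEW", NEW_HEX)):
        key = decode_cose_key(hx)
        print(name, "kid =", key["kid"], "alg =", key["alg"], ALG_NAMES[key["alg"]])
```
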