Hi all,
the report is correct. Please consider it an errata to RFC 6819.
kind regards,
Torsten.
On 08.12.2015 16:05, RFC Errata System wrote:
The following errata report has been held for document update
for RFC6819, "OAuth 2.0 Threat Model and Security Considerations".
--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6819&eid=4267
--------------------------------------
Status: Held for Document Update
Type: Editorial
Reported by: David Gladstone <[email protected]>
Date Reported: 2015-02-09
Held by: Kathleen Moriarty (IESG)
Section: 4.4.1.11
Original Text
-------------
If an authorization server includes a nontrivial amount of entropy
Corrected Text
--------------
If an authorization server includes a trivial amount of entropy
Notes
-----
The threat being described outlines a scenario where too little
entropy is involved; countermeasures include using non-trivial amounts
of entropy.
--------------------------------------
RFC6819 (draft-ietf-oauth-v2-threatmodel-08)
--------------------------------------
Title : OAuth 2.0 Threat Model and Security Considerations
Publication Date : January 2013
Author(s) : T. Lodderstedt, Ed., M. McGloin, P. Hunt
Category : INFORMATIONAL
Source : Web Authorization Protocol
Area : Security
Stream : IETF
Verifying Party : IESG
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth