Movatterモバイル変換

[RFC Home] [TEXT|PDF|HTML] [Tracker] [IPR] [Errata] [Info page]

INFORMATIONAL
Errata Exist

Network Working Group D. EastlakeRequest for Comments: 3504 MotorolaCategory: Informational March 2003Internet Open Trading Protocol (IOTP)Version 1, ErrataStatus of this Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.Copyright Notice Copyright (C) The Internet Society (2003). All Rights Reserved.Abstract Since the publication of the RFCs specifying Version 1.0 of the Internet Open Trading Protocol (IOTP), some errors have been noted. This informational document lists these errors and provides corrections for them.Table of Contents1. Introduction....................................................22. DTD Errata......................................................22.1 PackagedContent Element.....................................22.2 The Element called Attribute................................33. Other Errata....................................................3 3.1 Re: Combining Authentication Transactions with other Transactions................................................33.2 Type attribute of Element called Attribute..................34. Security Considerations.........................................45. References......................................................46. Acknowledgements................................................47. Author's Address................................................58. Full Copyright Statement........................................6Eastlake Informational [Page 1]

RFC 3504                     IOTP v1 Errata                   March 20031. Introduction   The Internet Open Trading Protocol (IOTP), Version 1.0, is specified   in [RFC 2801, 2802, 2803].  It provides a payment system independent   framework for Internet commerce oriented to consumer to business   transactions.  It provides mechanism for different portions of the   business function, such as fulfillment or payment handling, to be   distributed or outsourced.  It does not require a prior relationship   between the consumer and business.   Several errors have been noted in the IOTP v1.0 specification,   particularlyRFC 2801, which was the largest RFC ever issued.  These   are listed, with their fix, in this document.2. DTD Errata2.1 PackagedContent Element   Attribute types are swapped.   OLD/INCORRECT:      !ELEMENT PackagedContent (#PCDATA) >      <!ATTLIST PackagedContent               Name             CDATA     #IMPLIED               Content          NMTOKEN   "PCDATA"               Transform   (NONE|BASE64)  "NONE" >   NEW/CORRECT:      <!ELEMENT PackagedContent (#PCDATA) >      <!ATTLIST PackagedContent                Name           NMTOKEN     #IMPLIED                Content        CDATA       "PCDATA"                Transform   (NONE|BASE64)  "NONE" >Eastlake                     Informational                      [Page 2]

RFC 3504                     IOTP v1 Errata                   March 20032.2 The Element called Attribute   Incorrect element content specification syntax.   OLD/INCORRECT:      <!ELEMENT Attribute ( ANY ) >      <!ATTLIST Attribute                type                NMTOKEN            #REQUIRED                critical        ( true | false )       #REQUIRED      >   NEW/CORRECT      <!ELEMENT Attribute ANY >      <!ATTLIST Attribute                type                NMTOKEN            #REQUIRED                critical        ( true | false )       #REQUIRED      >3. Other Errata3.1 Re: Combining Authentication Transactions with other TransactionsSection 9.1.13. page 234, restarted->continued:   OLD/INCORRECT:      if the Authentication transaction is successful, then the original      IOTP Transaction is restarted   NEW/CORRECT:      if the Authentication transaction is successful, then the original      IOTP Transaction is continued3.2 Type attribute of Element called AttributeSection 7.19.1, Page 150, insufficient list of signature types:   OLD/INCORRECT:      There must be one and only one Attribute Element that contains a      Type attribute with a value of IOTP Signature Type and with      content set to either: OfferResponse, PaymentResponse,      DeliveryResponse, AuthenticationRequest, AuthenticationResponse,      PingReq or PingResponse; depending on the type of the signature.Eastlake                     Informational                      [Page 3]

RFC 3504 IOTP v1 Errata March 2003 NEW/CORRECT: There must be one and only one Attribute Element that contains a Type attribute with a value of IOTP Signature Type and with content set to either: OfferResponse, PaymentResponse, DeliveryResponse, AuthenticationRequest, AuthenticationResponse, PingReq, PingResponse, AuthenticationStatus, InquiryRequest, or InquiryResponse; depending on the type of the signature. AND a similar change extending the list of values inSection 12.1, Page 262. And atSection 6.1.2, Page 82, add the following: AuthenticationStatus any role InquiryRequest any role InquiryResponse any role4. Security Considerations The errata listed herein are not particularly security related. Never the less, incorrect implementations due to uncorrected errors in the specification may compromise security.5. References [RFC 2801] Burdett, D., "Internet Open Trading Protocol - IOTP Version 1.0",RFC 2801, April 2000. [RFC 2802] Davidson, K. and Y. Kawatsura, "Digital Signatures for the v1.0 Internet Open Trading Protocol (IOTP)",RFC 2802, April 2000. [RFC 2803] Maruyama, H., Tamura, K. and N. Uramoto, "Digest Values for DOM (DOMHASH)",RFC 2803, April 2000.6. Acknowledgements Thanks to the following people for reporting or responding to reports of these errata: Harald Barrera Dubois, Yoshiaki Kawatsura, Chun OuyangEastlake Informational [Page 4]

RFC 3504                     IOTP v1 Errata                   March 20037. Author's Address   Donald E. Eastlake 3rd   Motorola   155 Beaver Street   Milford, MA 01757 USA   Phone:  +1-508-851-8280 (w)           +1-508-634-2066 (h)   EMail:  Donald.Eastlake@motorola.comEastlake                     Informational                      [Page 5]

RFC 3504                     IOTP v1 Errata                   March 20038.  Full Copyright Statement   Copyright (C) The Internet Society (2003).  All Rights Reserved.   This document and translations of it may be copied and furnished to   others, and derivative works that comment on or otherwise explain it   or assist in its implementation may be prepared, copied, published   and distributed, in whole or in part, without restriction of any   kind, provided that the above copyright notice and this paragraph are   included on all such copies and derivative works.  However, this   document itself may not be modified in any way, such as by removing   the copyright notice or references to the Internet Society or other   Internet organizations, except as needed for the purpose of   developing Internet standards in which case the procedures for   copyrights defined in the Internet Standards process must be   followed, or as required to translate it into languages other than   English.   The limited permissions granted above are perpetual and will not be   revoked by the Internet Society or its successors or assigns.   This document and the information contained herein is provided on an   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.Acknowledgement   Funding for the RFC Editor function is currently provided by the   Internet Society.Eastlake                     Informational                      [Page 6]

[8]ページ先頭