The following errata report has been submitted for RFC7170,
"Tunnel Extensible Authentication Protocol (TEAP) Version 1".

You may review the report below and at:

Type: Technical
Reported by: Eliot Lear <>

Section: 3.3.3

Original Text
   The Crypto-Binding TLV MUST be exchanged and verified
   before the final Result TLV exchange, regardless of whether or not
   there is an inner EAP method authentication.

Corrected Text
   Except as noted below, the Crypto-Binding TLV MUST be exchanged and verified
   before the final Result TLV exchange, regardless of whether or not
   there is an inner EAP method authentication

The text contradicts itself in the same paragraph, because it goes on to say:

   The server may send the final Result TLV along with an
   Intermediate-Result TLV and a Crypto-Binding TLV to indicate its
   intention to end the conversation.  If the peer requires nothing more
   from the server, it will respond with a Result TLV indicating success
   accompanied by a Crypto-Binding TLV and Intermediate-Result TLV if

So there are actually several legal combinations here:

1. Server and peer perform a crypto-binding exchange in anticipation of later 
sending Result TLVs
2. The server and peer combine their crypto-binding and Result TLV in the same 
3. One side initiates a crypto-binding TLV and the OTHER responds with both 
crypto-binding and Result TLV.

The practice seems to be to include the crypto-binding TLVs alongside Result 

This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

RFC7170 (draft-ietf-emu-eap-tunnel-method-10)
Title               : Tunnel Extensible Authentication Protocol (TEAP) Version 1
Publication Date    : May 2014
Author(s)           : H. Zhou, N. Cam-Winget, J. Salowey, S. Hanna
Category            : PROPOSED STANDARD
Source              : EAP Method Update
Area                : Security
Stream              : IETF
Verifying Party     : IESG

Emu mailing list

Reply via email to