draft-ietf-trade-iotp-v1-errata-00.txt   draft-ietf-trade-iotp-v1-errata-01.txt 
INTERNET DRAFT Donald E. Eastlake 3rd A new Request for Comments is now available in online RFC libraries.
UPDATES RFC 2801 Motorola
Expires November 2001 May 2001
Internet Open Trading Protocol (IOTP)
Version 1 Errata
<draft-ietf-trade-iotp-v1-errata-00.txt>
Status of this Memo
Distribution of this document is unlimited. Comments should be sent
to the authors or the IETF TRADE working group <ietf-
trade@lists.elistx.com>.
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC 2026. Internet-Drafts are
working documents of the Internet Engineering Task Force (IETF), its
areas, and its working groups. Note that other groups may also
distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet- Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at RFC 3504
http://www.ietf.org/shadow.html.
Copyright Notice Title: Internet Open Trading Protocol (IOTP)
Version 1, Errata
Author(s): D. Eastlake
Status: Informational
Date: March 2003
Mailbox: Donald.Eastlake@motorola.com
Pages: 6
Characters: 8655
Updates/Obsoletes/SeeAlso: None
Copyright (C) 2001, The Internet Society. All Rights Reserved. I-D Tag: draft-ietf-trade-iotp-v1-errata-01.txt
Abstract URL: ftp://ftp.rfc-editor.org/in-notes/rfc3504.txt
Since the publication of the RFCs specifying Version 1.0 of the Since the publication of the RFCs specifying Version 1.0 of the
Internet Trading Protocol, some errors have been noted. This Internet Open Trading Protocol (IOTP), some errors have been noted.
informational document lists these errors and provides corrections This informational document lists these errors and provides
for them. corrections for them.
Acknowledgements
Thanks to the following people for reporting or responding to reports
of these errata:
Harald Barrera Dubois, Yoshiaki Kawatsura, Chun Ouyang
Table of Contents
Status of this Memo........................................1
Copyright Notice...........................................1
Abstract...................................................1
Acknowledgements...........................................2
Table of Contents..........................................2
1. Introduction............................................3
2. DTD Errata..............................................3
2.1 PackagedContent Element................................3
2.2 The Element called Attribute...........................3
3. Other Errata............................................4
3.1 Re: Combining Authentication Transactions with other
Transactions4
3.2 Type attribute of Element called Attribute.............4
4. Security Considerations.................................5
References.................................................6
Author's Address...........................................6
Full Copyright Statement...................................7
File name and Expiration...................................7
1. Introduction
The Internet Open Trading Protcol (IOTP), Version 1.0, is specified
in [RFC 2801, 2802, 2803]. It provides a payment system independent
framework for Internet commerce oriented to consumer to business
transactions. It provides mechaism for different portions of the the
business function, such as fullfilment or payment handling, to be
distributed or outsourced. It does not require a prior relationship
between the consumer and business.
Several errors have been noted in the IOTP v1.0 specification,
particularly RFC 2801, which was the largest RFC even issued. These
are listed, with their fix, in this document.
2. DTD Errata
2.1 PackagedContent Element
Attribute types are swapped.
OLD/INCORRECT:
!ELEMENT PackagedContent (#PCDATA) >
<!ATTLIST PackagedContent
Name CDATA #IMPLIED
Content NMTOKEN "PCDATA"
Transform (NONE|BASE64) "NONE" >
NEW/CORRECT:
<!ELEMENT PackagedContent (#PCDATA) >
<!ATTLIST PackagedContent
Name NMTOKEN #IMPLIED
Content CDATA "PCDATA"
Transform (NONE|BASE64) "NONE" >
2.2 The Element called Attribute
Incorrect element content specification syntax.
OLD/INCORRECT:
<!ELEMENT Attribute ( ANY ) >
<!ATTLIST Attribute
type NMTOKEN #REQUIRED
critical ( true | false ) #REQUIRED
>
NEW/CORRECT
<!ELEMENT Attribute ANY >
<!ATTLIST Attribute
type NMTOKEN #REQUIRED
critical ( true | false ) #REQUIRED
>
3. Other Errata
3.1 Re: Combining Authentication Transactions with other Transactions
Section 9.1.13. page 234, restarted->continued:
OLD/INCORRECT:
if the Authentication transaction is successful, then the
original IOTP Transaction is restarted
NEW/CORRECT:
if the Authentication transaction is successful, then the
original IOTP Transaction is continued
3.2 Type attribute of Element called Attribute
Section 7.19.1, Page 150, insufficient list of signature types:
OLD/INCORRECT:
There must be one and only one Attribute Element that contains
a Type attribute with a value of IOTP Signature Type and with
content set to either: OfferResponse, PaymentResponse,
DeliveryResponse, AuthenticationRequest,
AuthenticationResponse, PingReq or PingResponse; depending on
the type of the signature.
NEW/CORRECT:
There must be one and only one Attribute Element that contains
a Type attribute with a value of IOTP Signature Type and with
content set to either: OfferResponse, PaymentResponse,
DeliveryResponse, AuthenticationRequest,
AuthenticationResponse, PingReq, PingResponse,
AuthenticationStatus, InquiryRequest, or InquiryResponse;
depending on the type of the signature.
AND a similar change exending the list of values in Section 12.1,
Page 262.
And at Section 6.1.2, Page 82, add the following:
AuthenticationStatus any role
InquiryRequest any role
InquiryResponse any role
4. Security Considerations
The errata listed herein are not particularly security related. Never
the less, incorrect implementations due to uncorrected errors in the
specification may compromise security.
References
[RFC 2801] - "Internet Open Trading Protocol - IOTP Version 1.0", D.
Burdett, April 2000.
[RFC 2802] - "Digital Signatures for the v1.0 Internet Open Trading
Protocol (IOTP)", K. Davidson, Y. Kawatsura, April 2000.
[RFC 2803] - "Digest Values for DOM (DOMHASH)", H. Maruyama, K.
Tamura, N. Uramoto, April 2000.
Author's Address
Donald E. Eastlake 3rd
Motorola
155 Beaver Street
Milford, MA 01757 USA
Phone: +1-508-261-5434 (w)
+1-508-634-2066 (h)
Email: Donald.Eastlake@motorola.com
Full Copyright Statement
Copyright (c) 2001 The Internet Society, All Rights Reserved. This document is a product of the Internet Open Trading Protocol
Working Group of the IETF.
This document and translations of it may be copied and furnished to This memo provides information for the Internet community. It does
others, and derivative works that comment on or otherwise explain it not specify an Internet standard of any kind. Distribution of this
or assist in its implementation may be prepared, copied, published memo is unlimited.
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be This announcement is sent to the IETF list and the RFC-DIST list.
revoked by the Internet Society or its successors or assigns. Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG. Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.
This document and the information contained herein is provided on an Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING help: ways_to_get_rfcs. For example:
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
File name and Expiration To: rfc-info@RFC-EDITOR.ORG
Subject: getting rfcs
This file is draft-ietf-iotp-v1-errata-00.txt. help: ways_to_get_rfcs
It expires November 2001. Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.echo
Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC
Authors, for further information.
 End of changes. 

This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/