[Acme] [Errata Verified] RFC8555 (7565)
RFC Errata System <rfc-editor@rfc-editor.org> Thu, 11 January 2024 18:49 UTC
Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31B03C14F68B; Thu, 11 Jan 2024 10:49:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.659
X-Spam-Level:
X-Spam-Status: No, score=-1.659 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lipl7lrrtBQI; Thu, 11 Jan 2024 10:49:45 -0800 (PST)
Received: from rfcpa.amsl.com (rfcpa.amsl.com [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2E66C14F6F6; Thu, 11 Jan 2024 10:49:44 -0800 (PST)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 999E51A2161D; Thu, 11 Jan 2024 10:49:44 -0800 (PST)
To: Paul@Rasdoc.com, rlb@ipv.sx, jsha@eff.org, cpu@letsencrypt.org, jdkasten@umich.edu
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: rdd@cert.org, iesg@ietf.org, acme@ietf.org, iana@iana.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20240111184944.999E51A2161D@rfcpa.amsl.com>
Date: Thu, 11 Jan 2024 10:49:44 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/i4-1E6koSlmwgGH9wgkfc52y--M>
X-Mailman-Approved-At: Fri, 12 Jan 2024 03:05:43 -0800
Subject: [Acme] [Errata Verified] RFC8555 (7565)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jan 2024 18:49:49 -0000
The following errata report has been verified for RFC8555, "Automatic Certificate Management Environment (ACME)". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid7565 -------------------------------------- Status: Verified Type: Technical Reported by: Paul Breed <Paul@Rasdoc.com> Date Reported: 2023-07-13 Verified by: Roman Danyliw (IESG) Section: 8.1 Original Text ------------- The "Thumbprint" step indicates the computation specified in [RFC7638], using the SHA-256 digest [FIPS180-4]. As noted in [RFC7518] any prepended zero octets in the fields of a JWK object MUST be stripped before doing the computation. Corrected Text -------------- The "Thumbprint" step indicates the computation specified in [RFC7638], using the SHA-256 digest [FIPS180-4]. As noted in [RFC7518] any additional prepended zero octets in the fields of a JWK object MUST be stripped before doing the computation. Fixed length fields such as found in ECDSA keys should be their natural length and leading zero octets should not be stripped. Notes ----- This comment was really aimed at the leading 0 octet sometimes used with RSA, but the comment is not RSA specific. ECDSA keys can have fixed length fields (X,Y) where there can be leading zeros. This led me astray in implementing an ECDSA thumbprint routine for ACME. The result was that 1/128 ECDSA keys failed to generate t humbp[rint as leading zeros were removed. -------------------------------------- RFC8555 (draft-ietf-acme-acme-18) -------------------------------------- Title : Automatic Certificate Management Environment (ACME) Publication Date : March 2019 Author(s) : R. Barnes, J. Hoffman-Andrews, D. McCarney, J. Kasten Category : PROPOSED STANDARD Source : Automated Certificate Management Environment Area : Security Stream : IETF Verifying Party : IESG
- [Acme] [Errata Verified] RFC8555 (7565) RFC Errata System