[Anima] [Technical Errata Reported] RFC8995 (6649)

RFC Errata System <rfc-editor@rfc-editor.org> Tue, 27 July 2021 02:29 UTC

To: pritikin@cisco.com, mcr+ietf@sandelman.ca, tte+ietf@cs.fau.de, Michael.H.Behringer@gmail.com, kent+ietf@watsen.net, warren@kumari.net, rwilton@cisco.com, jiangsheng@huawei.com, tte@cs.fau.de
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: mcr+ietf@sandelman.ca, anima@ietf.org, rfc-editor@rfc-editor.org
Date: Mon, 26 Jul 2021 19:29:31 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/UN13q_BggbKjcjd8aS7NgS4yJFI>
Subject: [Anima] [Technical Errata Reported] RFC8995 (6649)

The following errata report has been submitted for RFC8995,
"Bootstrapping Remote Secure Key Infrastructure (BRSKI)".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6649

--------------------------------------
Type: Technical
Reported by: Michael Richardson <mcr+ietf@sandelman.ca>

Section: 5.4

Original Text
-------------
Even when a domain CA is authenticated to the MASA, and there is
strong sales channel integration to understand who the legitimate
owner is, the above id-kp-cmcRA check prevents arbitrary end-entity
certificates (such as an LDevID certificate) from having vouchers
issued against them.


Corrected Text
--------------
Even when a domain CA is authenticated to the MASA, and there is
strong sales channel integration to understand who the legitimate
owner is, the above id-kp-cmcRA check prevents arbitrary end-entity
certificates (such as an LDevID certificate) from having vouchers
issued against them.

add:
The id-kp-cmcRA is an Extended Key Usage (EKU) attribute.
When any EKU attribute is set, then the certificate MUST have all
related attributes set.
This means that the Registrar certificate MUST also have the 
id-kp-clientAuth (for use with the MASA) and the id-kp-serverAuth 
(for use with the Pledge) set.


Notes
-----
https://mailarchive.ietf.org/arch/msg/anima/H6Xs_f3rQAh9acOEFXEYuoZZGls/

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC8995 (draft-ietf-anima-bootstrapping-keyinfra-45)
--------------------------------------
Title               : Bootstrapping Remote Secure Key Infrastructure (BRSKI)
Publication Date    : May 2021
Author(s)           : M. Pritikin, M. Richardson, T. Eckert, M. Behringer, K. Watsen
Category            : PROPOSED STANDARD
Source              : Autonomic Networking Integrated Model and Approach
Area                : Operations and Management
Stream              : IETF
Verifying Party     : IESG
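
Added example (not part of the erratum or of RFC 8995): a stand-alone Python check that takes the DER value of a certificate's extendedKeyUsage extension and reports which of the three key purposes named in the corrected text are absent. The function names and the sample bytes are constructed for illustration; the OIDs are the standard ones from RFC 5280 and RFC 6402.

```python
REQUIRED = {  # key purposes the corrected text requires on a Registrar certificate
    "1.3.6.1.5.5.7.3.28": "id-kp-cmcRA",
    "1.3.6.1.5.5.7.3.2": "id-kp-clientAuth",   # Registrar as TLS client to the MASA
    "1.3.6.1.5.5.7.3.1": "id-kp-serverAuth",   # Registrar as TLS server to the Pledge
}

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    tag, length = buf[pos:pos + 2]  # unpacking raises ValueError if under 2 bytes remain
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(body):
    """Decode OID content octets (base-128 arcs) into dotted notation."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(value)
            value = 0
    head = divmod(arcs[0], 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(map(str, [*head, *arcs[1:]]))

def eku_oids(eku_der):
    """List the key-purpose OIDs in an extendedKeyUsage extension value."""
    tag, seq, end = _read_tlv(eku_der, 0)
    if tag != 0x30 or end != len(eku_der):
        raise ValueError("EKU value must be exactly one DER SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, body, pos = _read_tlv(seq, pos)
        if tag != 0x06 or not body:
            raise ValueError("EKU element is not a valid OBJECT IDENTIFIER")
        oids.append(_decode_oid(body))
    return oids

def missing_registrar_ekus(eku_der):
    """Names of the required key purposes that are absent from this EKU value."""
    present = set(eku_oids(eku_der))
    return [name for oid, name in REQUIRED.items() if oid not in present]

def sample_eku(*arcs):  # constructed sample: OIDs 1.3.6.1.5.5.7.3.<arc>, arc < 128
    body = b"".join(bytes.fromhex("06082b060105050703") + bytes([a]) for a in arcs)
    return bytes([0x30, len(body)]) + body
```

sample_eku(28) models a Registrar certificate carrying only id-kp-cmcRA, the case the added text is meant to rule out; sample_eku(28, 2, 1) carries all three.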