[Anima] [Errata Held for Document Update] RFC8995 (6649)

RFC Errata System <rfc-editor@rfc-editor.org> Mon, 15 January 2024 10:16 UTC

To: mcr+ietf@sandelman.ca, pritikin@cisco.com, mcr+ietf@sandelman.ca, tte+ietf@cs.fau.de, Michael.H.Behringer@gmail.com, kent+ietf@watsen.net
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: rwilton@cisco.com, iesg@ietf.org, anima@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20240115101618.6FEED1A49952@rfcpa.amsl.com>
Date: Mon, 15 Jan 2024 02:16:18 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/sM2bpzNPTHJuAMbJju4b4KweP5Q>
Subject: [Anima] [Errata Held for Document Update] RFC8995 (6649)

The following errata report has been held for document update 
for RFC8995, "Bootstrapping Remote Secure Key Infrastructure (BRSKI)". 

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6649

--------------------------------------
Status: Held for Document Update
Type: Technical

Reported by: Michael Richardson <mcr+ietf@sandelman.ca>
Date Reported: 2021-07-27
Held by: Rob Wilton (IESG)

Section: 5.5.4.

Original Text
-------------
Even when a domain CA is authenticated to the MASA, and there is
strong sales channel integration to understand who the legitimate
owner is, the above id-kp-cmcRA check prevents arbitrary end-entity
certificates (such as an LDevID certificate) from having vouchers
issued against them.


Corrected Text
--------------
Even when a domain CA is authenticated to the MASA, and there is
strong sales channel integration to understand who the legitimate
owner is, the above id-kp-cmcRA check prevents arbitrary end-entity
certificates (such as an LDevID certificate) from having vouchers
issued against them.

add:
The id-kp-cmcRA is an Extended Key Usage (EKU) attribute.
When any EKU attribute is set, then the certificate MUST have all
related attributes set.
This means that the Registrar certificate MUST also have the
id-kp-clientAuth (for use with the MASA) and the id-kp-serverAuth
(for use with the Pledge) set.


Notes
-----
https://mailarchive.ietf.org/arch/msg/anima/H6Xs_f3rQAh9acOEFXEYuoZZGls/

--------------------------------------
RFC8995 (draft-ietf-anima-bootstrapping-keyinfra-45)
--------------------------------------
Title               : Bootstrapping Remote Secure Key Infrastructure (BRSKI)
Publication Date    : May 2021
Author(s)           : M. Pritikin, M. Richardson, T. Eckert, M. Behringer, K. Watsen
Category            : PROPOSED STANDARD
Source              : Autonomic Networking Integrated Model and Approach
Area                : Operations and Management
Stream              : IETF
Verifying Party     : IESG
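The EKU check that the erratum describes, written out as an added example (this code is not part of RFC 8995, of the errata report, or of any BRSKI implementation): a small pure-Python DER codec for the ExtKeyUsage extension value, used to confirm that a registrar certificate carries id-kp-cmcRA together with id-kp-clientAuth and id-kp-serverAuth. The three OIDs are the registered ones from RFC 5280 and RFC 6402; the sample EKU values are constructed inline, and names such as missing_registrar_ekus are the example's own. The codec is general, so the same functions can list whatever purposes any EKU extension contains, not only the registrar case.

```python
"""Check that a BRSKI registrar certificate's Extended Key Usage (EKU)
carries every purpose the erratum lists: id-kp-cmcRA plus id-kp-clientAuth
and id-kp-serverAuth.

Hypothetical example code; not taken from RFC 8995 or any BRSKI project.
"""

# Registered key-purpose OIDs (RFC 5280 for serverAuth/clientAuth, RFC 6402 for cmcRA).
ID_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
ID_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"
ID_KP_CMC_RA = "1.3.6.1.5.5.7.3.28"

# What the erratum says a registrar certificate MUST carry.
REGISTRAR_REQUIRED_EKUS = frozenset({ID_KP_CMC_RA, ID_KP_CLIENT_AUTH, ID_KP_SERVER_AUTH})


def _encode_base128(n):
    """Encode one OID arc as DER base-128 (high bit set on all but the last byte)."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))


def _encode_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def encode_oid(dotted):
    """Encode a dotted OID string as a DER OBJECT IDENTIFIER (tag 0x06)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = _encode_base128(arcs[0] * 40 + arcs[1])
    for arc in arcs[2:]:
        body += _encode_base128(arc)
    return b"\x06" + _encode_length(len(body)) + body


def encode_eku(oids):
    """Encode an ExtKeyUsage value: SEQUENCE OF OBJECT IDENTIFIER (tag 0x30)."""
    body = b"".join(encode_oid(o) for o in oids)
    return b"\x30" + _encode_length(len(body)) + body


def _read_tlv(data, pos):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, data[pos:pos + length], pos + length


def decode_oid(body):
    """Decode DER OBJECT IDENTIFIER contents back to a dotted string."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def decode_eku(der):
    """Return the list of key-purpose OIDs in an ExtKeyUsage extension value."""
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("EKU extension value must be a SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, body, pos = _read_tlv(seq, pos)
        if tag != 0x06:
            raise ValueError("EKU SEQUENCE may contain only OBJECT IDENTIFIERs")
        oids.append(decode_oid(body))
    return oids


def missing_registrar_ekus(der):
    """Sorted list of required registrar purposes absent from the EKU value."""
    return sorted(REGISTRAR_REQUIRED_EKUS - set(decode_eku(der)))


# Constructed samples: a compliant registrar EKU and one that carries only cmcRA.
COMPLIANT_EKU = encode_eku([ID_KP_SERVER_AUTH, ID_KP_CLIENT_AUTH, ID_KP_CMC_RA])
CMCRA_ONLY_EKU = encode_eku([ID_KP_CMC_RA])

if __name__ == "__main__":
    for name, eku in (("compliant", COMPLIANT_EKU), ("cmcRA-only", CMCRA_ONLY_EKU)):
        print(name, "contains", decode_eku(eku), "missing", missing_registrar_ekus(eku))
```

Against a real certificate, extract the value of the extension with OID 2.5.29.37 (id-ce-extKeyUsage) using whatever X.509 library is already in use and pass those bytes to decode_eku; a non-empty result from missing_registrar_ekus means the registrar certificate would not satisfy the combined cmcRA/clientAuth/serverAuth requirement the erratum adds.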