Re: [certid] [Technical Errata Reported] RFC4985 (2520)

Stefan Santesson <stefan@aaa-sec.com> Tue, 14 September 2010 16:52 UTC

Date: Tue, 14 Sep 2010 18:52:29 +0200
From: Stefan Santesson <stefan@aaa-sec.com>
To: RFC Errata System <rfc-editor@rfc-editor.org>, <stefans@microsoft.com>, <turners@ieca.com>, <tim.polk@nist.gov>, <kent@bbn.com>, IETF cert-based identity <certid@ietf.org>
Cc: pkix@ietf.org, sts@aaa-sec.com
Subject: Re: [certid] [Technical Errata Reported] RFC4985 (2520)

I have submitted the following errata as a result of the discussions
concerning draft-saintandre-tls-server-id-check.

The updated text has been agreed on during these discussions.

This is not considered to be a change of the RFC since the correct
definition is given in two other places (explained in the errata). This is
thus just an error fix to remove an ambiguity and to bring the document in
alignment with itself.

/Stefan


On 10-09-14 6:34 PM, "RFC Errata System" <rfc-editor@rfc-editor.org> wrote:

> 
> The following errata report has been submitted for RFC4985,
> "Internet X.509 Public Key Infrastructure Subject Alternative Name for
> Expression of Service Name".
> 
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=4985&eid=2520
> 
> --------------------------------------
> Type: Technical
> Reported by: Stefan Santesson <sts@aaa-sec.com>
> 
> Section: 2
> 
> Original Text
> -------------
>  Name
>     The DNS domain name of the domain where the specified service
>     is located.
> 
> Corrected Text
> --------------
> Name
>     A DNS domain name, representing a domain for which the certificate
>     issuer has asserted that the certified subject is a legitimate
>     provider of the identified service.
> 
> Notes
> -----
> The current text is ambiguous compared with the defined meaning of this name
> form given in the RFC.
> 
> The definition of this component is given in the overall definition as:
> 
>    "The content of the components of this name form MUST be consistent
>    with the corresponding definition of these components in an SRV RR
>    according to RFC 2782 [N3]."
> 
> And later in the same section:
> 
>    "The purpose of the SRVName is limited to authorization of
>      service provision within a domain."
> 
> The changed text makes it clear that the domain is the domain where the
> certified host is a legitimate service provider, which may or may not be the
> domain where the same host is located. Thus the changed text harmonizes with
> the rest of the document.
> 
> Instructions:
> -------------
> This errata is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary.
> 
> --------------------------------------
> RFC4985 (draft-ietf-pkix-srvsan-05)
> --------------------------------------
> Title               : Internet X.509 Public Key Infrastructure Subject
> Alternative Name for Expression of Service Name
> Publication Date    : August 2007
> Author(s)           : S. Santesson
> Category            : PROPOSED STANDARD
> Source              : Public-Key Infrastructure (X.509)
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG
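
An added example, not part of the original message or of RFC 4985, showing how a relying party might apply the corrected definition: the Name in an SRVName is compared with the domain the client asked for, not with the host the SRV record points to. The function names and sample values are constructed, and case-insensitive comparison of both components is an assumption of this sketch.

```python
import re

# One DNS label: letters, digits, hyphens, not starting or ending with a hyphen.
_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def parse_srvname(value):
    """Split an SRVName of the form _Service.Name into (service, name)."""
    if not value.startswith("_") or "." not in value:
        raise ValueError("SRVName must look like _Service.Name")
    service, name = value[1:].split(".", 1)
    labels = name.rstrip(".").lower().split(".")
    if not service or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("malformed service or domain in SRVName")
    return service.lower(), ".".join(labels)


def srvname_authorizes(cert_srvnames, service, source_domain):
    """True if some SRVName in the certificate asserts that the subject is a
    legitimate provider of `service` for `source_domain`, i.e. the domain the
    client set out to reach, wherever the serving host itself is located."""
    wanted = (service.lower(), source_domain.rstrip(".").lower())
    for value in cert_srvnames:
        try:
            if parse_srvname(value) == wanted:
                return True
        except ValueError:
            continue  # skip malformed entries instead of guessing their meaning
    return False


# Constructed sample: the client wants the XMPP client service of example.com.
# An SRV lookup for that domain returned a host in another domain.
SRV_TARGET_HOST = "chat7.hosting.example.net"
CERT_SRVNAMES = ["_xmpp-client.example.com"]

if __name__ == "__main__":
    # Authorized for the domain the service is provided for.
    print(srvname_authorizes(CERT_SRVNAMES, "xmpp-client", "example.com"))
    # The domain where the host is located is not what the SRVName asserts.
    print(srvname_authorizes(CERT_SRVNAMES, "xmpp-client", "hosting.example.net"))
    # A different service in the same domain is not covered either.
    print(srvname_authorizes(CERT_SRVNAMES, "xmpp-server", "example.com"))
```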