[pkix] [Editorial Errata Reported] RFC5280 (7634)

RFC Errata System <rfc-editor@rfc-editor.org> Fri, 08 September 2023 21:15 UTC

To: rfc-editor@rfc-editor.org
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: ietf@nharper.org, david.cooper@nist.gov, stefans@microsoft.com, stephen.farrell@cs.tcd.ie, sharon.boeyen@entrust.com, housley@vigilsec.com, wpolk@nist.gov, pkix@ietf.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20230908211555.33D6BE5EA7@rfcpa.amsl.com>
Date: Fri, 08 Sep 2023 14:15:55 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/1bNA6boFTL1aH-GOBs8m_DB9-l8>
Subject: [pkix] [Editorial Errata Reported] RFC5280 (7634)

The following errata report has been submitted for RFC5280,
"Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7634

--------------------------------------
Type: Editorial
Reported by: Nick Harper <ietf@nharper.org>

Section: 4.1

Original Text
-------------
   Certificate  ::=  SEQUENCE  {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING  }

Corrected Text
--------------
   Certificate  ::=  SEQUENCE  {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signature            BIT STRING  }

Notes
-----
The definition in section 4.1 disagrees with the definition in appendix A.1 (page 116) on whether the name of the field containing the signature is "signatureValue" or "signature". This error appears in RFC 3280 and RFC 2459 as well.

The versions of X.509 in force when RFCs 2459, 3280, and 5280 were published use neither of those names. (Those versions of X.509 considered a signature to be an encrypted hash and called the field "encrypted".) The current version, ITU-T X.509 (10/2019), defines this field to be "signature" in section 6.2.1. (X.509 defines the Certificate type using a component type of SIGNATURE, which has two fields named "algorithmIdentifier" and "signature".)

In addition to changing the field name in the definition of the Certificate type in section 4.1, the title and text of subsection 4.1.1.3 should be updated to replace "signatureValue" with "signature".

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC5280 (draft-ietf-pkix-rfc3280bis-11)
--------------------------------------
Title               : Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
Publication Date    : May 2008
Author(s)           : D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk
Category            : PROPOSED STANDARD
Source              : Public-Key Infrastructure (X.509)
Area                : Security
Stream              : IETF
Verifying Party     : IESG
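The Certificate SEQUENCE quoted in the report is the structure a verifier has to split before it can check anything: the first component (tbsCertificate, taken as its complete DER encoding, tag and length included) is the signed data, the second names the algorithm, and the third carries the signature as a BIT STRING. DER identifies these components by tag and position, not by name, so whether the third field is called "signatureValue" (Section 4.1) or "signature" (Appendix A.1) changes nothing on the wire, which is why this erratum is editorial. The following Python is an added example, not code from the errata report, RFC 5280 or the PKIX working group; it uses only the standard library, and the certificate bytes it parses are constructed here for illustration (a stand-in TBSCertificate holding just a version and serial number, the sha256WithRSAEncryption AlgorithmIdentifier, and 32 dummy signature octets), not a real certificate. Besides splitting the SEQUENCE it applies the conformance checks a defensive parser should make at this layer: no trailing bytes, minimal length encodings only, exactly three components, and a zero unused-bits octet on the signature BIT STRING, since the RFC 5280 signature algorithms (RSA, DSA, ECDSA) all produce octet-aligned signatures.

```python
"""Split a DER-encoded X.509 Certificate into its three top-level components.

Added example for the Certificate definition in RFC 5280 Section 4.1; it is
not code from the errata report, the RFC or the PKIX WG. The bytes parsed
below are constructed for illustration and are not a real certificate.
"""


def _read_tlv(buf: bytes, pos: int):
    """Read one DER TLV starting at buf[pos].

    Returns (tag, value, end) where end is the offset just past the value.
    Only single-octet tags and definite, minimally encoded lengths are
    accepted, which is all DER permits and all certificates use.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length is not DER")
        if pos + n > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        # DER requires the shortest length form: one octet below 0x80,
        # and no leading zero octets in the long form.
        if length < 0x80 or (n > 1 and length < (1 << (8 * (n - 1)))):
            raise ValueError("non-minimal length encoding is not DER")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:end], end


def split_certificate(der: bytes) -> dict:
    """Return the components of
         Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm,
                                    signature BIT STRING }
    keyed by the Appendix A.1 names. tbsCertificate and signatureAlgorithm
    are returned as complete DER encodings (tag and length included),
    because that is exactly what gets hashed and verified.
    """
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Certificate must be a SEQUENCE")
    if end != len(der):
        raise ValueError("trailing bytes after Certificate")
    fields, pos = [], 0
    while pos < len(body):
        start = pos
        t, v, pos = _read_tlv(body, pos)
        fields.append((t, v, body[start:pos]))
    if len(fields) != 3:
        raise ValueError(f"expected 3 components, got {len(fields)}")
    (t_tbs, _, tbs_der), (t_alg, _, alg_der), (t_sig, sig, _) = fields
    if t_tbs != 0x30 or t_alg != 0x30:
        raise ValueError("tbsCertificate and signatureAlgorithm must be SEQUENCEs")
    if t_sig != 0x03 or not sig:
        raise ValueError("signature must be a non-empty BIT STRING")
    # First octet of a BIT STRING is the count of unused trailing bits.
    # RSA, DSA and ECDSA signatures are all octet strings, so this must be 0.
    if sig[0] != 0:
        raise ValueError(f"signature BIT STRING has {sig[0]} unused bits")
    return {"tbsCertificate": tbs_der, "signatureAlgorithm": alg_der, "signature": sig[1:]}


def is_well_formed(der: bytes) -> bool:
    """True if der parses as a Certificate SEQUENCE of the expected shape."""
    try:
        split_certificate(der)
        return True
    except ValueError:
        return False


def _der(tag: int, value: bytes) -> bytes:
    """Tiny DER TLV encoder, used only to build the constructed sample."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


# Constructed sample (not a real certificate): a TBSCertificate stand-in
# holding only version v3 and serial 256, an AlgorithmIdentifier for
# sha256WithRSAEncryption (1.2.840.113549.1.1.11, NULL params), and a
# dummy 32-octet signature.
SAMPLE_TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01\x00"))
SAMPLE_ALG = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")) + _der(0x05, b""))
SAMPLE_SIG = bytes(range(32))
SAMPLE_CERT = _der(0x30, SAMPLE_TBS + SAMPLE_ALG + _der(0x03, b"\x00" + SAMPLE_SIG))
# Same bytes with a nonzero unused-bits octet: malformed.
BAD_UNUSED_BITS_CERT = _der(0x30, SAMPLE_TBS + SAMPLE_ALG + _der(0x03, b"\x03" + SAMPLE_SIG))

if __name__ == "__main__":
    for name, value in split_certificate(SAMPLE_CERT).items():
        print(f"{name:18s} {value.hex()}")
    print("trailing byte accepted?", is_well_formed(SAMPLE_CERT + b"\x00"))
    print("unused bits accepted?  ", is_well_formed(BAD_UNUSED_BITS_CERT))
```

In a real verifier the returned tbsCertificate bytes are what is hashed and handed to the signature check, using the algorithm from signatureAlgorithm; before that, RFC 5280 Section 4.1.1.2 requires confirming that signatureAlgorithm is identical to the signature field inside TBSCertificate, a check that needs the inner structure parsed as well and is out of scope for this example.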