[pkix] [Errata Held for Document Update] RFC3279 (6672)
RFC Errata System <rfc-editor@rfc-editor.org> Fri, 12 January 2024 20:21 UTC
To: hablutzel1@gmail.com, tim.polk@nist.gov, rhousley@rsasecurity.com, lbassham@nist.gov
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: paul.wouters@aiven.io, iesg@ietf.org, pkix@ietf.org, rfc-editor@rfc-editor.org
Message-Id: <20240112202122.105681A2161D@rfcpa.amsl.com>
Date: Fri, 12 Jan 2024 12:21:21 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/JEtgYlUg8_J55xTEh5LY5AE4phc>
Subject: [pkix] [Errata Held for Document Update] RFC3279 (6672)

The following errata report has been held for document update
for RFC3279, "Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6672

--------------------------------------
Status: Held for Document Update
Type: Technical

Reported by: Jaime Hablutzel <hablutzel1@gmail.com>
Date Reported: 2021-09-01
Held by: Paul Wouters (IESG)

Section: 2.3.5

Original Text
-------------
If the keyUsage extension is present in a CA or CRL issuer
certificate which conveys an elliptic curve public key, any
combination of the following values MAY be present:

   digitalSignature;
   nonRepudiation; and
   keyAgreement.

If the keyAgreement value is present, either of the following
values MAY be present:

   encipherOnly; and
   decipherOnly.

The keyUsage extension MUST NOT assert both encipherOnly and
decipherOnly.

If the keyUsage extension is present in a CA certificate which
conveys an elliptic curve public key, any combination of the
following values MAY be present:

   digitalSignature;
   nonRepudiation;
   keyAgreement;
   keyCertSign; and
   cRLSign.

Corrected Text
--------------
If the keyUsage extension is present in an end entity
certificate which conveys an elliptic curve public key, any
combination of the following values MAY be present:

   digitalSignature;
   nonRepudiation; and
   keyAgreement.

If the keyAgreement value is present, either of the following
values MAY be present:

   encipherOnly; and
   decipherOnly.

The keyUsage extension MUST NOT assert both encipherOnly and
decipherOnly.

If the keyUsage extension is present in a CA or CRL issuer
certificate which conveys an elliptic curve public key, any
combination of the following values MAY be present:

   digitalSignature;
   nonRepudiation;
   keyAgreement;
   keyCertSign; and
   cRLSign.

Notes
-----
- "a CA or CRL issuer certificate" is replaced by "an end entity certificate"
- "CA certificate" is replaced by "CA or CRL issuer certificate"

The need for this correction can be confirmed from RFC 5480, "3. Key Usage Bits".

Corrected wording has been copied from the section "2.3.1 RSA Keys" of this RFC 3279 itself.

Paul Wouters (AD): As 5480 updates 3279, this errata is resolved

--------------------------------------
RFC3279 (draft-ietf-pkix-ipki-pkalgs-05)
--------------------------------------
Title               : Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
Publication Date    : April 2002
Author(s)           : L. Bassham, W. Polk, R. Housley
Category            : PROPOSED STANDARD
Source              : Public-Key Infrastructure (X.509)
Area                : Security
Stream              : IETF
Verifying Party     : IESG
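
The corrected section 2.3.5 rules quoted above, written as a check over a DER-encoded keyUsage BIT STRING. This is an added example, not part of the original message or of the RFC. Assumptions: the function names and sample encodings are constructed here, any bit outside the listed values is reported as a finding, and the encipherOnly/decipherOnly rule is applied to both certificate types.

```python
# Added example: keyUsage check for certificates conveying an EC public key,
# following the corrected text of RFC 3279 section 2.3.5 (erratum 6672).
# Bit order is that of the X.509 KeyUsage BIT STRING (bit 0 = digitalSignature).
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]

END_ENTITY_ALLOWED = {"digitalSignature", "nonRepudiation", "keyAgreement"}
CA_ALLOWED = END_ENTITY_ALLOWED | {"keyCertSign", "cRLSign"}
DIRECTION_BITS = {"encipherOnly", "decipherOnly"}


def decode_key_usage(der: bytes) -> set:
    """Decode a short-form DER BIT STRING into named KeyUsage bits."""
    if len(der) < 3 or der[0] != 0x03 or der[1] > 0x7F or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER BIT STRING")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bits count")
    names = set()
    for i in range(len(payload) * 8 - unused):
        if payload[i // 8] & (0x80 >> (i % 8)):  # bit 0 is the MSB of byte 0
            if i >= len(KEY_USAGE_BITS):
                raise ValueError("bit %d is not a KeyUsage bit" % i)
            names.add(KEY_USAGE_BITS[i])
    return names


def check_ec_key_usage(usage: set, is_ca_or_crl_issuer: bool) -> list:
    """Return a list of findings; empty when the combination is allowed."""
    allowed = CA_ALLOWED if is_ca_or_crl_issuer else END_ENTITY_ALLOWED
    problems = [bit + " not permitted for this certificate type"
                for bit in sorted(usage - allowed - DIRECTION_BITS)]
    direction = usage & DIRECTION_BITS
    if direction and "keyAgreement" not in usage:
        # Assumption: applied to end entity and CA certificates alike.
        problems.append("encipherOnly/decipherOnly requires keyAgreement")
    if direction == DIRECTION_BITS:
        problems.append("encipherOnly and decipherOnly both asserted")
    return problems


if __name__ == "__main__":
    # Constructed sample encodings (not taken from any real certificate).
    samples = [("03020388", False),    # digitalSignature + keyAgreement, EE
               ("03020106", False),    # keyCertSign + cRLSign on an EE cert
               ("03020106", True),     # same bits on a CA certificate
               ("0303070980", False)]  # keyAgreement + both direction bits
    for hex_der, is_ca in samples:
        usage = decode_key_usage(bytes.fromhex(hex_der))
        print(hex_der, "CA" if is_ca else "EE", check_ec_key_usage(usage, is_ca))
```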