[pkix] Re: [Technical Errata Reported] RFC5280 (8789)
Paul Hoffman <phoffman@proper.com> Tue, 03 March 2026 20:15 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/KbVtV18X_ou-C7VrQkvzCj1ybGs>

Caution: dead horse beating ahead.

On 3 Mar 2026, at 12:02, Tim Hollebeek wrote:

> Right, but for an errata to be appropriate, the original text has to actually be "in error", not just that "some of us would write something different if we were writing it today". I actually find the comment very useful, as it correctly indicates that these EKUs were in fact intended primarily for web usage at the time the document was written.

"intended primarily for web usage" was true in RFC 2459 in 1999. It was much less true in RFC 3280 and then RFC 5280. Also, note that the definition says nothing about "intended primarily for".

> I've actually suggested a few times that we should fix the situation by having two new EKUs (one for WebPKI and one for non-web), but there are drawbacks to that approach, and it should be a new RFC draft, not an errata.

While I fully agree with "should be a new RFC", I think that RFC should likely be titled "EKUs Considered Meaningless" and should deprecate the EKUs, not add to the confusion.

--Paul Hoffman