IETF Logo Mail Archive

[pkix] Re: [Technical Errata Reported] RFC5280 (8789)

Deb Cooley <debcooley1@gmail.com> Wed, 04 March 2026 14:21 UTC

Return-Path: <debcooley1@gmail.com>
X-Original-To: pkix@mail2.ietf.org
Delivered-To: pkix@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 06916C430BC1 for <pkix@mail2.ietf.org>; Wed, 4 Mar 2026 06:21:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level:
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KYS0KmwCZO8f for <pkix@mail2.ietf.org>; Wed, 4 Mar 2026 06:21:29 -0800 (PST)
Received: from mail-dy1-x1329.google.com (mail-dy1-x1329.google.com [IPv6:2607:f8b0:4864:20::1329]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 458AFC430BAD for <pkix@ietf.org>; Wed, 4 Mar 2026 06:21:25 -0800 (PST)
Received: by mail-dy1-x1329.google.com with SMTP id 5a478bee46e88-2be1b5fe11cso3045875eec.0 for <pkix@ietf.org>; Wed, 04 Mar 2026 06:21:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1772634078; cv=none; d=google.com; s=arc-20240605; b=WZRenvcL7mNZFC/CIGAVJD++Cj+cfl6S0H/wqzH+QLVCO2gqMe8MMVW9wbxnLchgxm NbGApPCOZbAXkTpmJNwGlOchKcCMojUknOxsYeF55ILh9se75wUX1YozF9ZdD3gtAJlz ycGyT7sST5Ez5eqwyybmpV7jkte4Zr4s49QIEILwquASssZrziSCVLMPLOZvOE9c5VW6 9JQQ3zdtzr9WptAF+GHnzdHQQR/+1qDjI52ud/v2mxVL+0KgSircnlHSCM7FUf7y13qS ngfUbPyF38BpcP+Zq5JuU2JVIL9ujkwPq9uywVGT0KujtCXsbC/V9u7uBhOWS4aiINz0 qNJA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=Fxaf4ekFMAHl7qFDhN4+afk6AI2X4DAtMmiLIaGAs/M=; fh=MGPqf8glotxA1hFN7PDs7abF6RyaxfxEhSPNROlt9e0=; b=BXtWvxugY/39gvUtfc7u4Fpd0yL6rTrHbp26/oeM/s8ewdqaC2/wSz/iz4ya/cq7xi s03CzneBN+ixWceEyj2k8PjvJIRRperjcNsL6zII/OQZbSGJlUBI8Sw/HaVMUD85Sa6m tEY0ZfiqaK3q0u9eXYYylxZxS5TYdUW30DWmkQb/mXCMQFIZmkJhRSJ7yEdyXYSGn4fj MwfU6/0ruLR/p8hLHgVvE8vdho5yjdFLGko7dzmpE32PF04rP7W490MH/qIVWTEgaaDg 6+1uulF43FHfgCqGQSGScvkoYz225+z0d/JebdPoBAP5JdDGVv1N6vXBipoEjkP1YTRz w5DQ==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1772634078; x=1773238878; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Fxaf4ekFMAHl7qFDhN4+afk6AI2X4DAtMmiLIaGAs/M=; b=cL5de1eC66dpiZ9GUO2VHEDme7mcdhYFjoFsvOdfxM2xHxTGZrbYR8qY+pKorlTDp8 HdpmF9hehiYdQWDwg3lucu9ek7Wj4PCnQ2Ea9HXynK5G9iDQOezCq+48aR+yWt3B6zGZ 6ICLf0to51Dc01nr7clHSLmGR7MejEfOWPmeVX4W/Q9+FEPcynRLzZA+IqDq5Qk96yNG bBv5l6ZmiBRIe0A2/Q+iym2mIPCMA6V7choMC4OMOUzIZB75/Js4hC9L1q4ih8tfPoV7 B1WDqRmgXMBUsFTkH/My0jM657d8FWonKl9gM4lfeAhqoouG5Vu8EDcCCVixJVW64Vom B3Hg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772634078; x=1773238878; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Fxaf4ekFMAHl7qFDhN4+afk6AI2X4DAtMmiLIaGAs/M=; b=tSxwW6zngcFh3NbgC2ejOuSP0m7z3F++jVaLCavbOusvS43U76hkDqlhxZ7W9uQXvh KFzvd5s9TcVK2x6tXTfz4jxNslQdzd1BlDmd4pLzrVNSTUmEATVbJmaNUuFPJ8rtcdsA KCaMyqTXCdTRa3Lcc449hav1o1HEwxiSFUTYuiEQpRpLoeEvz7h6qtaijZNGRhTfFe6O BOMGEtuvKieR3tEEdKF85tuZsmaqAF421z31lQFs+K929fdsy2IAPP557gq9nXa4rsO+ B8KjRscDIz4su5NoQSOplNn+J9s7eZNQ8OtY0aS19LYB9O5GmhsbeZwm9T+13YjkfW5g 69Yw==
X-Gm-Message-State: AOJu0YyUsyPwM+H53xs1Eixb32DGEvTp5jmyi3+ThNDGw2j7Q6Dr0UIU yl9o4ZnkCYGpCcL9XHE6+S6vp7K2bq3o4hhDhYPtNQOtuIJBj2+CckNBtFPEA9lo+Hb7aEhUUzv N4Ki3Li3gqQTfBWAGr4zW+bj5GE6JKTsjmqU=
X-Gm-Gg: ATEYQzy+d4d0ICo4XC2JUEA+P7JabE/gHJ6rCZXe8UpgrqTgQkGAhvfFYaO7SVs5ZnD 247HSW7vAweBiLqlW23dySbTgje+bjqEgiDvx9WVFPgg5r/uD7ac4L5Bh1w/ep/zf0vUUb+PTMg bF+PKPVGbYMWro1Th0isYuBf68MVtJBV1+T8Elw2717VZenYtf2tDAXSrOi6w5JjtrT6L0h6sIc X85jUxQ5+P32byD4cKWeXqI8F1Fm9o7mkH8tXDzbpBGQZGhFUG2++M0YHR/+eNPG1PgbcEJwURI 8rjOokIdRn/Nwbl3ihKY+ivxkyrqastS28vS9BLH0+K927bDxMlWMCjtywxvNfgsk1cu4LulPX5 MsMb80EvYM3Kgqn/hWSf6nB69
X-Received: by 2002:a05:7301:1692:b0:2ba:8018:cc57 with SMTP id 5a478bee46e88-2be30ff08b9mr680056eec.11.1772634077896; Wed, 04 Mar 2026 06:21:17 -0800 (PST)
MIME-Version: 1.0
References: <20260228012810.26368C000CC4@rfcpa.rfc-editor.org> <8946F689-00A0-4ED7-8570-E4A9A907B954@proper.com> <AB8DC100-40AF-43BF-BC66-B3EBDD95C3E9@sn3rd.com> <d6728fcc-52a2-4db0-9023-e8e95d645597@nthpermutation.com> <SN7PR14MB649277FF0B9F8D7824393895837FA@SN7PR14MB6492.namprd14.prod.outlook.com> <A401E4EB-3DEC-4BE4-9EC3-C62989C073C1@proper.com> <SN7PR14MB64921CE6FA13887EEB080F75837FA@SN7PR14MB6492.namprd14.prod.outlook.com> <258B4A1C-5638-4B64-8F9F-9ABB3B158D68@proper.com> <CAGgd1OeTnRBSWgb05osCkTVRJowmDjnZCozm9mY_r0HHbHW1UQ@mail.gmail.com> <CANeU+ZCaMZ5Qk1it2sAvZ_722G0a0-S1_ek4-=CRHq_EPL3OMQ@mail.gmail.com>
In-Reply-To: <CANeU+ZCaMZ5Qk1it2sAvZ_722G0a0-S1_ek4-=CRHq_EPL3OMQ@mail.gmail.com>
From: Deb Cooley <debcooley1@gmail.com>
Date: Wed, 04 Mar 2026 09:21:07 -0500
X-Gm-Features: AaiRm52-KIGeCWFl1_ET-8btS-6mdnXeX_5VFrARVk-x6w2nE2dCwcs__5_u-Fc
Message-ID: <CAGgd1OeNdPfQizPt_wRn_hNJsSLiw=o0qZPdRu2pNA_pOr2HiQ@mail.gmail.com>
To: "StJohns, Michael" <msj@nthpermutation.com>
Content-Type: multipart/alternative; boundary="00000000000087a419064c33888e"
Message-ID-Hash: V5I2V3LP6K7I76I4BULFI57MYRUJ2GKQ
X-Message-ID-Hash: V5I2V3LP6K7I76I4BULFI57MYRUJ2GKQ
X-MailFrom: debcooley1@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-pkix.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: pkix@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [pkix] Re: [Technical Errata Reported] RFC5280 (8789)
List-Id: PKIX Working Group <pkix.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/SWrTTmdcrWplV1JyOgLdQ8o3ZLA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Owner: <mailto:pkix-owner@ietf.org>
List-Post: <mailto:pkix@ietf.org>
List-Subscribe: <mailto:pkix-join@ietf.org>
List-Unsubscribe: <mailto:pkix-leave@ietf.org>

This is what the RFC editor has done - deleted 8789 as a duplicate, and
left 5802 as validated.

They aren't sure why the duplicate slipped through.

Deb

On Tue, Mar 3, 2026 at 5:37 PM StJohns, Michael <msj@nthpermutation.com>
wrote:

> Change the current one to rejected - duplicate.  Leave the other one
> alone.
>
> Neither errata has any meaningful real world impact however they’re
> resolved.
>
> Mike
>
> On Tue, Mar 3, 2026 at 17:33 Deb Cooley <debcooley1@gmail.com> wrote:
>
>> And as Corey has pointed out I validated the same basic text (errata
>> 5802) back in 2024.
>>
>> So now we have the same basic hunk of text both 'validated' and 'HFDU'.
>> That's fantastic.
>>
>> Deb
>>
>> On Tue, Mar 3, 2026 at 3:15 PM Paul Hoffman <phoffman@proper.com> wrote:
>>
>>> Caution: dead horse beating ahead.
>>>
>>> On 3 Mar 2026, at 12:02, Tim Hollebeek wrote:
>>>
>>> > Right, but for an errata to be appropriate, the original text has to
>>> actually be "in error", not just that "some of us would write something
>>> different if we were writing it today". I actually find the comment very
>>> useful, as it correctly indicates that these EKUs were in fact intended
>>> primarily for web usage at the time the document was written.
>>>
>>> "intended primarily for web usage" was true in RFC 2459 in 1999. It was
>>> much less true in RFC 3280 and then RFC 5280. Also, note that the
>>> definition says nothing about "intended primarily for".
>>>
>>> > I've actually suggested a few times that we should fix the situation
>>> by having two new EKUs (one for WebPKI and one for non-web), but there are
>>> drawbacks to that approach, and it should be a new RFC draft, not an errata.
>>>
>>> While I fully agree with "should be a new RFC", I think that RFC should
>>> likely be titled "EKUs Considered Meaningless" and should deprecate the
>>> EKUs, not add to the confusion.
>>>
>>> --Paul Hoffman
>>>
>>> _______________________________________________
>>> pkix mailing list -- pkix@ietf.org
>>> To unsubscribe send an email to pkix-leave@ietf.org
>>>
>> _______________________________________________
>> pkix mailing list -- pkix@ietf.org
>> To unsubscribe send an email to pkix-leave@ietf.org
>>
>

v2.40.3 | Report a Bug | By Email | System Status