Re: [pkix] [Editorial Errata Reported] RFC5280 (7634)

Rebecca VanRheenen <rvanrheenen@amsl.com> Wed, 08 November 2023 22:11 UTC

From: Rebecca VanRheenen <rvanrheenen@amsl.com>
In-Reply-To: <20230908211555.33D6BE5EA7@rfcpa.amsl.com>
Date: Wed, 08 Nov 2023 14:11:30 -0800
Cc: ietf@nharper.org, david.cooper@nist.gov, stefans@microsoft.com, Stephen Farrell <stephen.farrell@cs.tcd.ie>, sharon.boeyen@entrust.com, Russ Housley <housley@vigilsec.com>, wpolk@nist.gov, pkix@ietf.org, RFC Editor <rfc-editor@rfc-editor.org>
To: Paul Wouters <paul.wouters@aiven.io>, Roman Danyliw <rdd@cert.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/XqCItWRXdh_f3tnCKg90Dy9Ov4g>
Subject: Re: [pkix] [Editorial Errata Reported] RFC5280 (7634)

Hi Paul and Roman,

We are unable to verify this erratum that the submitter marked as editorial.  
Please note that we have changed the “Type” of the following errata 
report to “Technical”.  As Stream Approver, please review and set the 
Status and Type accordingly (see the definitions at 
https://www.rfc-editor.org/errata-definitions/).

You may review the report at: 
https://www.rfc-editor.org/errata/eid7634

Please see https://www.rfc-editor.org/how-to-verify/ for further 
information on how to verify errata reports.

Further information on errata can be found at: 
https://www.rfc-editor.org/errata.php.

Note that we are sending this to you both as ADs of the Security Area as 
the pkix Working Group has closed.

Thank you.

RFC Editor/rv


> On Sep 8, 2023, at 2:15 PM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> 
> The following errata report has been submitted for RFC5280,
> "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7634
> 
> --------------------------------------
> Type: Editorial
> Reported by: Nick Harper <ietf@nharper.org>
> 
> Section: 4.1
> 
> Original Text
> -------------
>   Certificate  ::=  SEQUENCE  {
>        tbsCertificate       TBSCertificate,
>        signatureAlgorithm   AlgorithmIdentifier,
>        signatureValue       BIT STRING  }
> 
> Corrected Text
> --------------
>   Certificate  ::=  SEQUENCE  {
>        tbsCertificate       TBSCertificate,
>        signatureAlgorithm   AlgorithmIdentifier,
>        signature            BIT STRING  }
> 
> Notes
> -----
> The definition in section 4.1 disagrees with the definition in appendix A.1 (page 116) on whether the name of the field containing the signature is "signatureValue" or "signature". This error appears in RFC 3280 and RFC 2459 as well.
> 
> The versions of X.509 in force when RFCs 2459, 3280, and 5280 were published use neither of those names. (Those versions of X.509 considered a signature to be an encrypted hash and called the field "encrypted".) The current version, ITU-T X.509 (10/2019), defines this field to be "signature" in section 6.2.1. (X.509 defines the Certificate type using a component type of SIGNATURE, which has two fields named "algorithmIdentifier" and "signature".)
> 
> In addition to changing the field name in the definition of the Certificate type in section 4.1, the title and text of subsection 4.1.1.3 should be updated to replace "signatureValue" with "signature".
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party  
> can log in to change the status and edit the report, if necessary. 
> 
> --------------------------------------
> RFC5280 (draft-ietf-pkix-rfc3280bis-11)
> --------------------------------------
> Title               : Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
> Publication Date    : May 2008
> Author(s)           : D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk
> Category            : PROPOSED STANDARD
> Source              : Public-Key Infrastructure (X.509)
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG
>
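
Added example, not part of the message above or of RFC 5280: DER encodes the components of the Certificate SEQUENCE by position and tag, so the bytes that section 4.1 calls "signatureValue" and appendix A.1 calls "signature" are the same third element. The helper names (`read_tlv`, `label_fields`) and the `SAMPLE` bytes are constructed for illustration; `SAMPLE` has the Certificate shape but is not a real certificate.

```python
# Minimal DER TLV reader: single-byte tags, definite lengths only.
SECTION_4_1 = ("tbsCertificate", "signatureAlgorithm", "signatureValue")
APPENDIX_A_1 = ("tbsCertificate", "signatureAlgorithm", "signature")

# Constructed sample: SEQUENCE { SEQUENCE{INTEGER 2}, SEQUENCE{OID 1.2.3.4},
#                               BIT STRING (0 unused bits) AA BB }
SAMPLE = bytes.fromhex("3011" "3003020102" "300506032a0304" "030300aabb")

def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags not handled in this sketch")
    pos += 2
    if first < 0x80:                      # short form length
        length = first
    else:                                 # long form: next n octets hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:end], end

def label_fields(der, names):
    """Split a Certificate-shaped SEQUENCE and attach the given field names."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    parts, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        parts.append((t, v))
    # The wire format carries only tags: SEQUENCE, SEQUENCE, BIT STRING.
    if [t for t, _ in parts] != [0x30, 0x30, 0x03]:
        raise ValueError("unexpected Certificate shape")
    return dict(zip(names, (v for _, v in parts)))

if __name__ == "__main__":
    a = label_fields(SAMPLE, SECTION_4_1)
    b = label_fields(SAMPLE, APPENDIX_A_1)
    print(a["signatureValue"].hex(), b["signature"].hex())
```

The names differ only in source code generated from or written against one ASN.1 listing or the other; the encoded bytes are identical under both.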