[pkix] Re: [Technical Errata Reported] RFC5280 (8789)

Deb Cooley <debcooley1@gmail.com> Tue, 03 March 2026 22:33 UTC


And as Corey has pointed out I validated the same basic text (errata 5802)
back in 2024.

So now we have the same basic hunk of text both 'validated' and 'HFDU'.
That's fantastic.

Deb

On Tue, Mar 3, 2026 at 3:15 PM Paul Hoffman <phoffman@proper.com> wrote:

> Caution: dead horse beating ahead.
>
> On 3 Mar 2026, at 12:02, Tim Hollebeek wrote:
>
> > Right, but for an errata to be appropriate, the original text has to
> > actually be "in error", not just that "some of us would write something
> > different if we were writing it today". I actually find the comment very
> > useful, as it correctly indicates that these EKUs were in fact intended
> > primarily for web usage at the time the document was written.
>
> "intended primarily for web usage" was true in RFC 2459 in 1999. It was
> much less true in RFC 3280 and then RFC 5280. Also, note that the
> definition says nothing about "intended primarily for".
>
> > I've actually suggested a few times that we should fix the situation by
> > having two new EKUs (one for WebPKI and one for non-web), but there are
> > drawbacks to that approach, and it should be a new RFC draft, not an errata.
>
> While I fully agree with "should be a new RFC", I think that RFC should
> likely be titled "EKUs Considered Meaningless" and should deprecate the
> EKUs, not add to the confusion.
>
> --Paul Hoffman