[pkix] [Errata Held for Document Update] RFC4210 (5731)

RFC Errata System <rfc-editor@rfc-editor.org> Wed, 27 April 2022 02:04 UTC

To: lijun.liao@gmail.com, cadams@site.uottawa.ca, stephen.farrell@cs.tcd.ie, toka@ssh.com, tmononen@safenet-inc.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: rdd@cert.org, iesg@ietf.org, pkix@ietf.org, rfc-editor@rfc-editor.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/f-Cp_8q9AvMNLzfYuAuEyOkpK7M>

The following errata report has been held for document update
for RFC4210, "Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid5731

--------------------------------------
Status: Held for Document Update
Type: Technical

Reported by: Lijun Liao <lijun.liao@gmail.com>
Date Reported: 2019-05-22
Held by: Roman Danyliw (IESG)

Section: GLOBAL

Original Text
-------------
N/A

Corrected Text
--------------
N/A

Notes
-----
In appendixes D.4, D.5, E.5 and E.6, the recipient field of requests and the sender field of responses are specified as "the name of the CA". It is no problem for a CA which signs the CMP response.

However, as best practice, the CA's private key, which is used to sign the certificates, is NOT RECOMMENDED for signing/decrypting the communication messages. In this case, another entity (private key + certificate) is used to decrypt the incoming messages and sign the outgoing ones.

The text and comment for the fields "recipient" in requests and "sender" in responses need to be corrected for the case described above. If you think the original text and comment are correct, then we need instruction on how to handle this case.
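An added example (not part of the errata report or of RFC 4210 itself) of the client-side consistency check the report implies: the sender of a response is bound to the certificate whose key actually protected the message, and that is "the name of the CA" only when the CA's own key was used. The PKIHeader/Cert structures, function name and sample data are constructed assumptions; real code would decode the DER PKIMessage.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed, simplified model of the RFC 4210 PKIHeader fields relevant to
# the erratum and of the certificate whose key produced the message
# protection (in CMP normally carried in extraCerts). Names are assumptions.

@dataclass(frozen=True)
class PKIHeader:
    sender: str                        # GeneralName of the message originator
    recipient: str                     # GeneralName of the intended receiver
    senderKID: Optional[bytes] = None  # key identifier of the protection key

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    ski: bytes   # subjectKeyIdentifier

def check_response_origin(hdr: PKIHeader, protection_cert: Cert, ca: Cert) -> List[str]:
    """Return the inconsistencies found; an empty list means the header names
    the entity that actually protected the response.

    Assumes the signature over protectedPart was already verified with
    protection_cert's public key. Only when the CA's own key protected the
    message must the sender be the CA's name; otherwise the sender is the
    separate CMP entity, whose certificate must be issued by the CA.
    """
    problems: List[str] = []
    if hdr.sender != protection_cert.subject:
        problems.append("sender does not match the protection certificate subject")
    if hdr.senderKID is not None and hdr.senderKID != protection_cert.ski:
        problems.append("senderKID does not match the protection certificate SKI")
    if protection_cert.subject == ca.subject:
        # Message claims to come from the CA itself: the key must be the CA's.
        if protection_cert.ski != ca.ski:
            problems.append("CA name used with a key that is not the CA's key")
    elif protection_cert.issuer != ca.subject:
        problems.append("protection certificate was not issued by the expected CA")
    return problems

# Constructed sample data: a CA plus a separate entity that protects CMP messages.
CA = Cert(subject="CN=Example CA", issuer="CN=Example CA", ski=b"\x01")
CMP_SIGNER = Cert(subject="CN=Example CMP Signer", issuer="CN=Example CA", ski=b"\x02")

if __name__ == "__main__":
    # Literal reading of the appendix: sender = CA name, but the CMP signer's key was used.
    hdr = PKIHeader(sender="CN=Example CA", recipient="CN=Client", senderKID=b"\x02")
    print(check_response_origin(hdr, CMP_SIGNER, CA))
```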

--------------------------------------
RFC4210 (draft-ietf-pkix-rfc2510bis-09)
--------------------------------------
Title               : Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)
Publication Date    : September 2005
Author(s)           : C. Adams, S. Farrell, T. Kause, T. Mononen
Category            : PROPOSED STANDARD
Source              : Public-Key Infrastructure (X.509)
Area                : Security
Stream              : IETF
Verifying Party     : IESG