[pkix] [Errata Held for Document Update] RFC5280 (4274)
RFC Errata System <rfc-editor@rfc-editor.org> Wed, 25 March 2015 21:16 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57FEC1A044F; Wed, 25 Mar 2015 14:16:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.912
X-Spam-Level:
X-Spam-Status: No, score=-106.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o1BjP24rlx24; Wed, 25 Mar 2015 14:16:21 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) by ietfa.amsl.com (Postfix) with ESMTP id 6C39B1A87C9; Wed, 25 Mar 2015 14:16:21 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 8A904180472; Wed, 25 Mar 2015 14:14:49 -0700 (PDT)
To: i.matveychikov@securitycode.ru, david.cooper@nist.gov, stefans@microsoft.com, stephen.farrell@cs.tcd.ie, sharon.boeyen@entrust.com, housley@vigilsec.com, wpolk@nist.gov
X-PHP-Originating-Script: 1005:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20150325211449.8A904180472@rfc-editor.org>
Date: Wed, 25 Mar 2015 14:14:49 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/iOo88p0757K7eRZA4BxyQSSDoeg>
X-Mailman-Approved-At: Thu, 26 Mar 2015 08:44:27 -0700
Cc: pkix@ietf.org, Kathleen.Moriarty@emc.com, iesg@ietf.org, rfc-editor@rfc-editor.org
Subject: [pkix] [Errata Held for Document Update] RFC5280 (4274)
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Mar 2015 21:16:23 -0000
The following errata report has been held for document update for RFC5280, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=5280&eid=4274 -------------------------------------- Status: Held for Document Update Type: Editorial Reported by: Ilya V. Matveychikov <i.matveychikov@securitycode.ru> Date Reported: 2015-02-19 Held by: Kathleen Moriarty (IESG) Section: A.1 Original Text ------------- -- Naming attributes of type X520CommonName: -- X520CommonName ::= DirectoryName (SIZE (1..ub-common-name)) ... -- Naming attributes of type X520LocalityName: -- X520LocalityName ::= DirectoryName (SIZE (1..ub-locality-name)) ... -- Naming attributes of type X520StateOrProvinceName: -- X520StateOrProvinceName ::= DirectoryName (SIZE (1..ub-state-name)) ... -- Naming attributes of type X520OrganizationName: -- X520OrganizationName ::= -- DirectoryName (SIZE (1..ub-organization-name)) ... -- Naming attributes of type X520OrganizationalUnitName: -- X520OrganizationalUnitName ::= -- DirectoryName (SIZE (1..ub-organizational-unit-name)) ... -- Naming attributes of type X520Title: -- X520Title ::= DirectoryName (SIZE (1..ub-title)) ... -- Naming attributes of type X520Pseudonym: -- X520Pseudonym ::= DirectoryName (SIZE (1..ub-pseudonym)) Corrected Text -------------- -- Naming attributes of type X520CommonName: -- X520CommonName ::= DirectoryString (SIZE (1..ub-common-name)) ... -- Naming attributes of type X520LocalityName: -- X520LocalityName ::= DirectoryString (SIZE (1..ub-locality-name)) ... -- Naming attributes of type X520StateOrProvinceName: -- X520StateOrProvinceName ::= -- DirectoryString (SIZE (1..ub-state-name)) ... -- Naming attributes of type X520OrganizationName: -- X520OrganizationName ::= -- DirectoryString (SIZE (1..ub-organization-name)) ... -- Naming attributes of type X520OrganizationalUnitName: -- X520OrganizationalUnitName ::= -- DirectoryString (SIZE (1..ub-organizational-unit-name)) ... -- Naming attributes of type X520Title: -- X520Title ::= DirectoryString (SIZE (1..ub-title)) ... -- Naming attributes of type X520Pseudonym: -- X520Pseudonym ::= DirectoryString (SIZE (1..ub-pseudonym)) Notes ----- Appendix B. ASN.1 Notes says that: For many of the attribute types defined in [X.520], the AttributeValue uses the DirectoryString type. Of the attributes specified in Appendix A, the name, surname, givenName, initials, generationQualifier, commonName, localityName, stateOrProvinceName, organizationName, organizationalUnitName, title, and pseudonym attributes all use the DirectoryString type. X.520 uses a parameterized type definition [X.683] of DirectoryString to specify the syntax for each of these attributes. The parameter is used to indicate the maximum string length allowed for the attribute. In Appendix A, in order to avoid the use of parameterized type definitions, the DirectoryString type is written in its expanded form for the definition of each of these attribute types. So, the ASN.1 in Appendix A describes the syntax for each of these attributes as being a CHOICE of TeletexString, PrintableString, UniversalString, UTF8String, and BMPString, with the appropriate constraints on the string length applied to each of the types in the CHOICE, rather than using the ASN.1 type DirectoryString to describe the syntax. There is nothing about DirectoryName type here. So comments in ASN.1 in A.1 are wrong and DirectoryName should be fixed to DirectoryString. >From Expert PKIX reviewers: The errata calls for changing "DirectoryName" to "DirectoryString" in the comments of the ASN.1. Nobody seems to disagree with this correction. This message triggered a lot of discussion about whether to remove the string size limits. That discussion ended with consensus to retain the size limits. -------------------------------------- RFC5280 (draft-ietf-pkix-rfc3280bis-11) -------------------------------------- Title : Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile Publication Date : May 2008 Author(s) : D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk Category : PROPOSED STANDARD Source : Public-Key Infrastructure (X.509) Area : Security Stream : IETF Verifying Party : IESG
- [pkix] [Errata Held for Document Update] RFC5280 … RFC Errata System
- [pkix] [Editorial Errata Reported] RFC5280 (4274) RFC Errata System
- Re: [pkix] [Editorial Errata Reported] RFC5280 (4… Stefan Santesson
- Re: [pkix] [Editorial Errata Reported] RFC5280 (4… Carl Wallace
- Re: [pkix] [Editorial Errata Reported] RFC5280 (4… Carl Wallace
- Re: [pkix] [Editorial Errata Reported] RFC5280 (4… Martin Rex
- Re: [pkix] [Editorial Errata Reported] RFC5280 (4… Stefan Santesson
- Re: [pkix] [Editorial Errata Reported] RFC5280 (4… Erik Andersen
- [pkix] FW: [Editorial Errata Reported] RFC5280 (4… Sharon Boeyen
- Re: [pkix] [Editorial Errata Reported] RFC5280 (4… Stephen Kent
- Re: [pkix] [Editorial Errata Reported] RFC5280 (4… Jeremy Rowley
- Re: [pkix] [Editorial Errata Reported] RFC5280 (4… Carl Wallace
- Re: [pkix] [Editorial Errata Reported] RFC5280 (4… Jeremy Rowley