Re: [pkix] [Technical Errata Reported] RFC5280 (5876)

Stefan Santesson <stefan@aaa-sec.com> Wed, 16 October 2019 12:45 UTC

Date: Wed, 16 Oct 2019 14:38:09 +0200
From: Stefan Santesson <stefan@aaa-sec.com>
To: Russ Housley <housley@vigilsec.com>, "Roman D. Danyliw" <rdd@cert.org>, Ben Kaduk <kaduk@mit.edu>
CC: IETF PKIX <pkix@ietf.org>, dwmw2@infradead.org
Message-ID: <15A00F6E-B7FB-4862-8959-70230FA30970@aaa-sec.com>
Thread-Topic: [pkix] [Technical Errata Reported] RFC5280 (5876)
References: <20191016084514.3BC17B80C25@rfc-editor.org> <A32FF6CD-0AA5-4D23-B72F-57DCFCC0DF41@vigilsec.com>
In-Reply-To: <A32FF6CD-0AA5-4D23-B72F-57DCFCC0DF41@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/jEbdlDp4pkusrIpfAZgE9TFZ3ZU>
Subject: Re: [pkix] [Technical Errata Reported] RFC5280 (5876)

I agree

Stefan Santesson 

On 2019-10-16, 14:22, "pkix on behalf of Russ Housley" <pkix-bounces@ietf.org on behalf of housley@vigilsec.com> wrote:

    I am unaware of this causing any trouble with implementation, so I think this should be set to "held for document update".
    
    Russ
    
    
    > On Oct 16, 2019, at 4:45 AM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
    > 
    > The following errata report has been submitted for RFC5280,
    > "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile".
    > 
    > --------------------------------------
    > You may review the report below and at:
    > https://www.rfc-editor.org/errata/eid5876
    > 
    > --------------------------------------
    > Type: Technical
    > Reported by: David Woodhouse <dwmw2@infradead.org>
    > 
    > Section: 4.2.1.6
    > 
    > Original Text
    > -------------
    > 
    >   When the subjectAltName extension contains an iPAddress, the address
    >   MUST be stored in the octet string in "network byte order", as
    >   specified in [RFC791]. 
    > 
    > Corrected Text
    > --------------
    > 
    >   When the subjectAltName extension contains an IP address, the address
    >   MUST be stored in the iPAddress (an octet string). The address 
    >   MUST be stored in the octet string in "network byte order", as
    >   specified in [RFC791]. 
    > 
    > Notes
    > -----
    > For email addresses and domain names, this section is very prescriptive:
    > 
    >   When the subjectAltName extension contains an Internet mail address,
    >   the address MUST be stored in the rfc822Name. 
    > ...
    >   When the subjectAltName extension contains a domain name system
    >   label, the domain name MUST be stored in the dNSName…
    > 
    > However, for IP addresses, it's possible to interpret the current wording as saying that *if* you happen to choose the iPAddress form for an IP address, then you must represent that as big-endian. I suspect this was a poor choice of wording and the intent was to say that you MUST use the iPAddress form for an IP address.
    > 
    > Instructions:
    > -------------
    > This erratum is currently posted as "Reported". If necessary, please
    > use "Reply All" to discuss whether it should be verified or
    > rejected. When a decision is reached, the verifying party  
    > can log in to change the status and edit the report, if necessary. 
    > 
    > --------------------------------------
    > RFC5280 (draft-ietf-pkix-rfc3280bis-11)
    > --------------------------------------
    > Title               : Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
    > Publication Date    : May 2008
    > Author(s)           : D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk
    > Category            : PROPOSED STANDARD
    > Source              : Public-Key Infrastructure (X.509)
    > Area                : Security
    > Stream              : IETF
    > Verifying Party     : IESG
    
    _______________________________________________
    pkix mailing list
    pkix@ietf.org
    https://www.ietf.org/mailman/listinfo/pkix
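An added illustration of the encoding the erratum is about, not code from the thread or from any of its participants. It shows what a verifier should expect when a subjectAltName GeneralName carries an IP address: the iPAddress CHOICE alternative (context tag [7], an IMPLICIT OCTET STRING) holding exactly 4 or 16 octets in network byte order, which is what the binary form produced by Python's ipaddress module already is. The short-form DER helpers, the function names and the sample values are constructed for this example; the tag numbers for dNSName [2] and iPAddress [7] are those of the GeneralName CHOICE in RFC 5280. The last case shows why the wording matters: an IP address placed in dNSName, or as ASCII text inside iPAddress, does not compare equal to the peer address a client connected to.

```python
"""Encode and check subjectAltName iPAddress values as RFC 5280 4.2.1.6 requires."""
import ipaddress

# GeneralName CHOICE tags (context-specific, primitive, IMPLICIT):
#   dNSName   [2] IA5String    -> 0x82
#   iPAddress [7] OCTET STRING -> 0x87
TAG_DNSNAME = 0x82
TAG_IPADDRESS = 0x87


def ip_to_san_octets(text: str) -> bytes:
    """Return the OCTET STRING contents for an iPAddress GeneralName.

    RFC 5280: the address is stored in "network byte order"; exactly four octets
    for IPv4 and exactly sixteen for IPv6.  ipaddress.*.packed is network order.
    """
    return ipaddress.ip_address(text).packed


def san_octets_to_ip(octets: bytes):
    """Decode an iPAddress OCTET STRING, rejecting anything that is not 4 or 16 octets."""
    if len(octets) == 4:
        return ipaddress.IPv4Address(octets)
    if len(octets) == 16:
        return ipaddress.IPv6Address(octets)
    raise ValueError(f"iPAddress must be 4 or 16 octets, got {len(octets)}")


def der_general_name(tag: int, content: bytes) -> bytes:
    """Constructed helper: short-form DER TLV (lengths < 128 suffice for these name types)."""
    if len(content) >= 128:
        raise ValueError("short-form length only")
    return bytes([tag, len(content)]) + content


def parse_general_name(der: bytes):
    """Constructed helper: split a short-form DER GeneralName into (tag, content)."""
    if len(der) < 2 or der[1] >= 128 or len(der) != 2 + der[1]:
        raise ValueError("unsupported or malformed GeneralName encoding")
    return der[0], der[2:]


def san_matches_peer_ip(general_name: bytes, peer: str) -> bool:
    """True only if the GeneralName is an iPAddress whose octets equal the peer address.

    Comparison is on the binary form, so 2001:db8::1 and 2001:0db8:0:0:0:0:0:1 match.
    A dNSName containing "192.0.2.1", or ASCII text stored in iPAddress, never matches.
    """
    try:
        tag, content = parse_general_name(general_name)
        if tag != TAG_IPADDRESS:
            return False
        return san_octets_to_ip(content) == ipaddress.ip_address(peer)
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values; 192.0.2.x and 2001:db8:: are documentation prefixes.
    good_v4 = der_general_name(TAG_IPADDRESS, ip_to_san_octets("192.0.2.1"))
    good_v6 = der_general_name(TAG_IPADDRESS, ip_to_san_octets("2001:db8::1"))
    as_dns = der_general_name(TAG_DNSNAME, b"192.0.2.1")          # wrong CHOICE alternative
    as_text = der_general_name(TAG_IPADDRESS, b"192.0.2.1")       # wrong contents (9 ASCII octets)
    for name, label in [(good_v4, "iPAddress v4"), (good_v6, "iPAddress v6"),
                        (as_dns, "dNSName text"), (as_text, "iPAddress ASCII")]:
        print(f"{label:16s} {name.hex():40s} matches 192.0.2.1? "
              f"{san_matches_peer_ip(name, '192.0.2.1')}")
```

Run as a script it prints the DER bytes of each sample name and whether it matches the peer address 192.0.2.1; only the correctly encoded iPAddress does.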