[pkix] [Technical Errata Reported] RFC6844 (5244)
RFC Errata System <rfc-editor@rfc-editor.org> Fri, 26 January 2018 17:06 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82220129C6E for <pkix@ietfa.amsl.com>; Fri, 26 Jan 2018 09:06:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uTOinyNOxPu4 for <pkix@ietfa.amsl.com>; Fri, 26 Jan 2018 09:06:47 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1489126BF0 for <pkix@ietf.org>; Fri, 26 Jan 2018 09:06:47 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id 9D481B81DCF; Fri, 26 Jan 2018 09:06:29 -0800 (PST)
To: philliph@comodo.com, rob.stradling@comodo.com, Kathleen.Moriarty.ietf@gmail.com, ekr@rtfm.com, kent@bbn.com, stefan@aaa-sec.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: cbonnell@trustwave.com, pkix@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20180126170629.9D481B81DCF@rfc-editor.org>
Date: Fri, 26 Jan 2018 09:06:29 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/jsXgTfhYJGZnmy17Cr4ImyZPmVk>
Subject: [pkix] [Technical Errata Reported] RFC6844 (5244)
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jan 2018 17:06:49 -0000
The following errata report has been submitted for RFC6844, "DNS Certification Authority Authorization (CAA) Resource Record". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata/eid5244 -------------------------------------- Type: Technical Reported by: Corey Bonnell <cbonnell@trustwave.com> Section: 5.2 Original Text ------------- CAA authorizations are additive; thus, the result of specifying both the empty issuer and a specified issuer is the same as specifying just the specified issuer alone. Corrected Text -------------- CAA authorizations are additive; thus, the result of specifying both the empty issuer and a specified issuer is the same as specifying just the specified issuer alone. A non-empty CAA record set that does not contain an issue property tag is authorization to any certificate issuer to issue for the corresponding domain, provided that no records in the CAA record set otherwise prohibit issuance. Notes ----- The current wording in the RFC does not clearly state how non-empty CAA record sets which do not contain any "issue" property tags should be handled in terms of whether or not such record sets authorize issuance. The additional wording clarifies the correct handling of this case. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC6844 (draft-ietf-pkix-caa-15) -------------------------------------- Title : DNS Certification Authority Authorization (CAA) Resource Record Publication Date : January 2013 Author(s) : P. Hallam-Baker, R. Stradling Category : PROPOSED STANDARD Source : Public-Key Infrastructure (X.509) Area : Security Stream : IETF Verifying Party : IESG
- [pkix] [Technical Errata Reported] RFC6844 (5244) RFC Errata System
- Re: [pkix] [Technical Errata Reported] RFC6844 (5… Corey Bonnell