[pkix] [Errata Held for Document Update] RFC4055 (5199)

RFC Errata System <rfc-editor@rfc-editor.org> Sun, 18 March 2018 15:29 UTC

The following errata report has been held for document update 
for RFC4055, "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile". 

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5199

--------------------------------------
Status: Held for Document Update
Type: Editorial

Reported by: Bernd Eckenfels <bernd-2017@eckenfels.net>
Date Reported: 2017-12-05
Held by: Kathleen Moriarty (IESG)

Section: 4.1

Original Text
-------------
The pSourceFunc field identifies the source (and possibly the value)
of the encoding parameters, commonly called P.

Corrected Text
--------------
The pSourceFunc field identifies the source (and possibly the value)
of the encoding parameters, commonly called P. (Note: it is referred
to as label L in [P1v2.1], and it is referred to as P throughout
[P1v2.0], although the ASN.1 structures in both documents use the
letter “p”.)

Notes
-----
There is no place where P is linked to the parameter name L as used in
referenced [P1v2.1].
Per Burt Kaliski (and edited by Russ Housley):
"""
The text in Sec. 4.1 of RFC4055 including the syntax of RSAES-OAEP-params largely follows Sec. 11.2.1 of RFC2437 (PKCS #1 v2.0), which uses the term “encoding parameters P”, rather than the Sec. A.2.1 of RFC3447 (PKCS #1 v2.1), which uses the term “label L”.  (RFC3560, the CMS profile for these algorithms, similarly follows RFC2437.)
 
RFC3447 acknowledges that “In previous versions of this specification, the term ‘encoding parameters’ was used”.  Given that RFC4055 inserts “commonly called” before RFC2437’s “P”, it appears that RFC4055 is attempting to bridge between RFC3447 and RFC2437.
"""

I observe that RFC 2437, RFC 3447, and RFC 4055 all use the same ASN.1 structure for RSAES-OAEP-params.  While the description of RSAES-OAEP in [P1v2.1] uses "L" instead of "P", this change in terminology did not carry through to the ASN.1 structure.

I think that this should not be classified as a technical errata.  Perhaps a better text would be:

   The pSourceFunc field identifies the source (and possibly the value)
   of the encoding parameters, commonly called P. (Note: it is referred
   to as label L in Section 7.1.1 of [P1v2.1], and it is referred to as P
   throughout [P1v2.0] and Section A.2.1 of [P1v2.1].)

   [P1v2.0] = RFC 2437

I don’t see an error here, so I think the corrected errata should be approved as editorial.

--------------------------------------
RFC4055 (draft-ietf-pkix-rsa-pkalgs-03)
--------------------------------------
Title               : Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
Publication Date    : June 2005
Author(s)           : J. Schaad, B. Kaliski, R. Housley
Category            : PROPOSED STANDARD
Source              : Public-Key Infrastructure (X.509)
Area                : Security
Stream              : IETF
Verifying Party     : IESG
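
The point made in the notes, that the ASN.1 field is still named pSourceFunc whichever of "P" or "L" the prose uses, can be seen by pulling the label out of an encoded RSAES-OAEP-params value. The following is an added example, not part of the erratum or of any RFC; the function names and the sample label are assumptions made for illustration.

```python
# Added example: locate the OAEP label inside DER-encoded RSAES-OAEP-params.
ID_PSPECIFIED = bytes.fromhex("2a864886f70d010109")  # OID 1.2.840.113549.1.1.9

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def oaep_label(params_der):
    """Return the octets called P in RFC 2437 and L in RFC 3447."""
    tag, body, end = read_tlv(params_der)
    if tag != 0x30 or end != len(params_der):
        raise ValueError("not a single SEQUENCE")
    for tag, val in children(body):
        if tag != 0xA2:  # skip hashFunc [0] and maskGenFunc [1]
            continue
        inner = children(val)  # [2] is EXPLICIT: wraps one AlgorithmIdentifier
        if len(inner) != 1 or inner[0][0] != 0x30:
            raise ValueError("malformed pSourceFunc")
        alg = children(inner[0][1])
        if len(alg) != 2 or alg[0] != (0x06, ID_PSPECIFIED) or alg[1][0] != 0x04:
            raise ValueError("unsupported pSourceFunc")
        return alg[1][1]
    return b""  # field absent: DEFAULT pSpecifiedEmptyIdentifier, empty label

def tlv(tag, value):
    """Encode a short-form TLV (enough for the constructed sample below)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

# Constructed sample: only pSourceFunc present, carrying the label b"label".
SAMPLE = tlv(0x30, tlv(0xA2, tlv(0x30, tlv(0x06, ID_PSPECIFIED) + tlv(0x04, b"label"))))
```

An encryptor and decryptor must agree on these octets, so a parser that ignores the [2] field silently assumes the empty label.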