[pkix] Re: [Technical Errata Reported] RFC5280 (8789)

"StJohns, Michael" <msj@nthpermutation.com> Tue, 03 March 2026 22:37 UTC

From: "StJohns, Michael" <msj@nthpermutation.com>
Date: Tue, 03 Mar 2026 17:36:48 -0500
To: Deb Cooley <debcooley1@gmail.com>
CC: pkix@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/qor7WkxOOOj7qnj2ctpUYWPDRf0>

Change the current one to rejected - duplicate.  Leave the other one alone.


Neither errata has any meaningful real world impact however they’re
resolved.

Mike

On Tue, Mar 3, 2026 at 17:33 Deb Cooley <debcooley1@gmail.com> wrote:

> And as Corey has pointed out I validated the same basic text (errata 5802)
> back in 2024.
>
> So now we have the same basic hunk of text both 'validated' and 'HFDU'.
> That's fantastic.
>
> Deb
>
> On Tue, Mar 3, 2026 at 3:15 PM Paul Hoffman <phoffman@proper.com> wrote:
>
>> Caution: dead horse beating ahead.
>>
>> On 3 Mar 2026, at 12:02, Tim Hollebeek wrote:
>>
>> > Right, but for an errata to be appropriate, the original text has to
>> > actually be "in error", not just that "some of us would write something
>> > different if we were writing it today". I actually find the comment very
>> > useful, as it correctly indicates that these EKUs were in fact intended
>> > primarily for web usage at the time the document was written.
>>
>> "intended primarily for web usage" was true in RFC 2459 in 1999. It was
>> much less true in RFC 3280 and then RFC 5280. Also, note that the
>> definition says nothing about "intended primarily for".
>>
>> > I've actually suggested a few times that we should fix the situation by
>> > having two new EKUs (one for WebPKI and one for non-web), but there are
>> > drawbacks to that approach, and it should be a new RFC draft, not an errata.
>>
>> While I fully agree with "should be a new RFC", I think that RFC should
>> likely be titled "EKUs Considered Meaningless" and should deprecate the
>> EKUs, not add to the confusion.
>>
>> --Paul Hoffman
>>
>> _______________________________________________
>> pkix mailing list -- pkix@ietf.org
>> To unsubscribe send an email to pkix-leave@ietf.org
>>