[pkix] [Technical Errata Reported] RFC5280 (7661)
RFC Errata System <rfc-editor@rfc-editor.org> Thu, 28 September 2023 13:10 UTC
To: david.cooper@nist.gov, stefans@microsoft.com, stephen.farrell@cs.tcd.ie, sharon.boeyen@entrust.com, housley@vigilsec.com, wpolk@nist.gov, rdd@cert.org, paul.wouters@aiven.io, kent@bbn.com, stefan@aaa-sec.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: ben.strauss@dell.com, pkix@ietf.org, rfc-editor@rfc-editor.org
Message-Id: <20230928131036.D1CD013BB505@rfcpa.amsl.com>
Date: Thu, 28 Sep 2023 06:10:36 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/rkJU-kWrJNTniS81x9Qjqf7WEkY>

The following errata report has been submitted for RFC5280,
"Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7661

--------------------------------------
Type: Technical
Reported by: Benjamin Strauss <ben.strauss@dell.com>

Section: 3.5

Original Text
-------------
(g) cross-certification: Two CAs exchange information used in establishing a cross-certificate. A cross-certificate is a certificate issued by one CA to another CA that contains a CA signature key used for issuing certificates.

Corrected Text
--------------
(g) cross-certification: Two CAs exchange information used in establishing a cross-certificate.

Notes
-----
The removed sentence is factually inaccurate and misleading: "A cross-certificate is a certificate issued by one CA to another CA that contains a CA signature key used for issuing certificates."

A "signature key used for issuing certificates" would be a private key. A certificate simply does not contain a private key.

A definition of "cross-certificate" for the purpose of this RFC is already provided in section 3.2, so there is no point in elaborating here. (The definition given in section 3.2 conflicts with the narrower, and more generally used, definition given in RFC 4949, but that is beside the point.)

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC5280 (draft-ietf-pkix-rfc3280bis-11)
--------------------------------------
Title            : Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
Publication Date : May 2008
Author(s)        : D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk
Category         : PROPOSED STANDARD
Source           : Public-Key Infrastructure (X.509)
Area             : Security
Stream           : IETF
Verifying Party  : IESG