[pkix] [Editorial Errata Reported] RFC3279 (6672)
RFC Errata System <rfc-editor@rfc-editor.org> Wed, 01 September 2021 01:41 UTC
The following errata report has been submitted for RFC3279,
"Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6672

--------------------------------------
Type: Editorial
Reported by: Jaime Hablutzel <hablutzel1@gmail.com>

Section: 2.3.5

Original Text
-------------
If the keyUsage extension is present in a CA or CRL issuer
certificate which conveys an elliptic curve public key, any
combination of the following values MAY be present:

   digitalSignature;
   nonRepudiation; and
   keyAgreement.

If the keyAgreement value is present, either of the following values
MAY be present:

   encipherOnly; and
   decipherOnly.

The keyUsage extension MUST NOT assert both encipherOnly and
decipherOnly.

If the keyUsage extension is present in a CA certificate which
conveys an elliptic curve public key, any combination of the
following values MAY be present:

   digitalSignature;
   nonRepudiation;
   keyAgreement;
   keyCertSign; and
   cRLSign.

Corrected Text
--------------
If the keyUsage extension is present in an end entity
certificate which conveys an elliptic curve public key, any
combination of the following values MAY be present:

   digitalSignature;
   nonRepudiation; and
   keyAgreement.

If the keyAgreement value is present, either of the following values
MAY be present:

   encipherOnly; and
   decipherOnly.

The keyUsage extension MUST NOT assert both encipherOnly and
decipherOnly.

If the keyUsage extension is present in a CA or CRL issuer certificate which
conveys an elliptic curve public key, any combination of the
following values MAY be present:

   digitalSignature;
   nonRepudiation;
   keyAgreement;
   keyCertSign; and
   cRLSign.

Notes
-----
- "a CA or CRL issuer certificate" is replaced by "an end entity certificate"
- "CA certificate" is replaced by "CA or CRL issuer certificate"

The need for this correction can be confirmed from RFC 5480, "3. Key Usage Bits".

Corrected wording has been copied from the section "2.3.1 RSA Keys" of this RFC 3279 itself.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC3279 (draft-ietf-pkix-ipki-pkalgs-05)
--------------------------------------
Title               : Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
Publication Date    : April 2002
Author(s)           : L. Bassham, W. Polk, R. Housley
Category            : PROPOSED STANDARD
Source              : Public-Key Infrastructure (X.509)
Area                : Security
Stream              : IETF
Verifying Party     : IESG
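
Added example (not part of the errata report or of RFC 3279): a small lint check that decodes a keyUsage BIT STRING and applies the corrected Section 2.3.5 text to a certificate carrying an elliptic curve key. The function names and sample bytes are constructed for illustration; reporting values outside the listed set as findings, and applying the keyAgreement sentence to both certificate types, are this example's reading of the text.

```python
# KeyUsage named bits in RFC 5280 order; bit 0 is the most significant bit
# of the first content octet of the DER BIT STRING.
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]

EE_ALLOWED = {"digitalSignature", "nonRepudiation", "keyAgreement"}
CA_ALLOWED = EE_ALLOWED | {"keyCertSign", "cRLSign"}
ONLY_BITS = {"encipherOnly", "decipherOnly"}


def decode_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING (the keyUsage extension value) into bit names."""
    if len(der) < 4 or der[0] != 0x03 or der[1] != len(der) - 2 or der[2] > 7:
        raise ValueError("not a short-form DER BIT STRING with content")
    unused, content = der[2], der[3:]
    total_bits = len(content) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        if content[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names


def check_ec_key_usage(der: bytes, is_ca_or_crl_issuer: bool) -> list:
    """Return findings for an EC certificate's keyUsage (corrected 2.3.5 text)."""
    usage = decode_key_usage(der)
    allowed = CA_ALLOWED if is_ca_or_crl_issuer else EE_ALLOWED
    findings = []
    if ONLY_BITS <= usage:
        findings.append("MUST NOT assert both encipherOnly and decipherOnly")
    if (usage & ONLY_BITS) and "keyAgreement" not in usage:
        findings.append("encipherOnly/decipherOnly asserted without keyAgreement")
    for name in sorted(usage - allowed - ONLY_BITS):
        findings.append(f"{name} is not in the list for this certificate type")
    return findings


# Constructed sample values (not taken from real certificates).
SAMPLES = {
    "ee_sign":      (bytes.fromhex("03020780"), False),    # digitalSignature
    "ee_certsign":  (bytes.fromhex("03020284"), False),    # digitalSignature + keyCertSign
    "ca_sign_crl":  (bytes.fromhex("03020106"), True),     # keyCertSign + cRLSign
    "ee_both_only": (bytes.fromhex("0303070980"), False),  # keyAgreement + both "only" bits
}

if __name__ == "__main__":
    for label, (der, is_ca) in SAMPLES.items():
        print(label, sorted(decode_key_usage(der)), check_ec_key_usage(der, is_ca) or "ok")
```

Under the uncorrected wording the first list was attached to "a CA or CRL issuer certificate", so a checker written from it would have no rule for end entity certificates at all.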