[sidr] [Technical Errata Reported] RFC7935 (5737)

RFC Errata System <rfc-editor@rfc-editor.org> Fri, 24 May 2019 17:05 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9ACFC12016C for <sidr@ietfa.amsl.com>; Fri, 24 May 2019 10:05:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3--VDC3IOARz for <sidr@ietfa.amsl.com>; Fri, 24 May 2019 10:05:15 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44F6B120130 for <sidr@ietf.org>; Fri, 24 May 2019 10:05:15 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id C8670B80CFA; Fri, 24 May 2019 10:04:50 -0700 (PDT)
To: gih@apnic.net, ggm@apnic.net, db3546@att.com, aretana.ietf@gmail.com, martin.vigoureux@nokia.com, morrowc@ops-netman.net, sandy@tislabs.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: ydahhrk@gmail.com, sidr@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset=UTF-8
Message-Id: <20190524170450.C8670B80CFA@rfc-editor.org>
Date: Fri, 24 May 2019 10:04:50 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/4BJ8TQ9X2BxVVmoz-7iV0uXcipw>
Subject: [sidr] [Technical Errata Reported] RFC7935 (5737)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 May 2019 17:05:17 -0000

The following errata report has been submitted for RFC7935,
"The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5737

--------------------------------------
Type: Technical
Reported by: Alberto Leiva Popper <ydahhrk@gmail.com>;

Section: 3.1

Original Text
-------------
algorithm (which is an AlgorithmIdentifier type):
   The object identifier for RSA PKCS #1 v1.5 with SHA-256 MUST be
   used in the algorithm field, as specified in Section 5 of
   [RFC4055].  The value for the associated parameters from that
   clause MUST also be used for the parameters field.

Corrected Text
--------------
algorithm (which is an AlgorithmIdentifier type):
   The object identifier for RSA (rsaEncryption) MUST be used for the
   algorithm field, as specified in Section 3.2 of [RFC3370]. The value
   for the associated parameters from that clause MUST also be used for
   the parameters field.

Notes
-----
The field described in the paragraph belongs to a public key. The way I understand it, particularly due to the inclusion of a digest, "RSA PKCS #1 v1.5 with SHA-256" (sha256WithRSAEncryption) is not really a public key algorithm identifier; it's a signature algorithm identifier.

(Courtesy of Russ Housley) rsaEncryption also allows the public key to be used with PKCS#1 v1.5, RSASSA-PSS, and RSAES-OAEP.

All existing RPKI readers and writers that I've seen, as well as the global RPKI repository certificates themselves, currently use rsaEncryption as the public key algorithm of subjectPublicKeyInfo. Therefore, this change should also reflect existing practice.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC7935 (draft-ietf-sidr-rfc6485bis-05)
--------------------------------------
Title               : The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure
Publication Date    : August 2016
Author(s)           : G. Huston, G. Michaelson, Ed.
Category            : PROPOSED STANDARD
Source              : Secure Inter-Domain Routing
Area                : Routing
Stream              : IETF
Verifying Party     : IESG