IETF Logo Mail Archive

Re: [sidr] [Technical Errata Reported] RFC6487 (3168)

"Murphy, Sandra" <Sandra.Murphy@sparta.com> Tue, 27 March 2012 06:42 UTC

Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3131D21F8425 for <sidr@ietfa.amsl.com>; Mon, 26 Mar 2012 23:42:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.464
X-Spam-Level:
X-Spam-Status: No, score=-102.464 tagged_above=-999 required=5 tests=[AWL=0.135, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qPO5FH1H-6IH for <sidr@ietfa.amsl.com>; Mon, 26 Mar 2012 23:42:37 -0700 (PDT)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 4197C21F8413 for <sidr@ietf.org>; Mon, 26 Mar 2012 23:42:37 -0700 (PDT)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q2R6gSjZ012941; Tue, 27 Mar 2012 01:42:28 -0500
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q2R6gREF002467; Tue, 27 Mar 2012 01:42:28 -0500
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) with mapi id 14.01.0355.002; Tue, 27 Mar 2012 02:42:27 -0400
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: Geoff Huston <gih@apnic.net>, RFC Errata System <rfc-editor@rfc-editor.org>
Thread-Topic: [Technical Errata Reported] RFC6487 (3168)
Thread-Index: AQHNC5EHeM1SdhjBTEK0yND38V+CWpZ9wJKA///xhi8=
Date: Tue, 27 Mar 2012 06:42:26 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F60F6CA9F2@Hermes.columbia.ads.sparta.com>
References: <20120326204137.31F0BB1E003@rfc-editor.org>, <DCB9AD68-54C0-42BB-A938-678C9321B33B@apnic.net>
In-Reply-To: <DCB9AD68-54C0-42BB-A938-678C9321B33B@apnic.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.185.63.118]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "morrowc@ops-netman.net" <morrowc@ops-netman.net>, "sidr@ietf.org" <sidr@ietf.org>, "ggm@apnic.net" <ggm@apnic.net>
Subject: Re: [sidr] [Technical Errata Reported] RFC6487 (3168)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Mar 2012 06:42:38 -0000

Thank you, Geoff.   I agree.

--Sandy
________________________________________
From: Geoff Huston [gih@apnic.net]
Sent: Monday, March 26, 2012 11:33 PM
To: RFC Errata System
Cc: ggm@apnic.net; robertl@apnic.net; stbryant@cisco.com; adrian@olddog.co.uk; Murphy, Sandra; morrowc@ops-netman.net; dmandelb@bbn.com; sidr@ietf.org
Subject: Re: [Technical Errata Reported] RFC6487 (3168)

> This errata is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary.


verified.

Geoff


On 27/03/2012, at 7:41 AM, RFC Errata System wrote:

>
> The following errata report has been submitted for RFC6487,
> "A Profile for X.509 PKIX Resource Certificates".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=6487&eid=3168
>
> --------------------------------------
> Type: Technical
> Reported by: David Mandelberg <dmandelb@bbn.com>
>
> Section: 4.8
>
> Original Text
> -------------
>   or non-critical.  A certificate-using system MUST reject the
>   certificate if it encounters a critical extension it does not
>   recognize; however, a non-critical extension MAY be ignored if it is
>   not recognized [RFC5280].
>
> Corrected Text
> --------------
>   or non-critical.  A certificate-using system MUST reject the
>   certificate if it encounters an extension not explicitly mentioned
>   in this document.  This is in contrast to RFC 5280 which allows
>   non-critical extensions to be ignored.
>
> Notes
> -----
> Other sections of the same document contradict the original section 4.8:
>
> Section 1:
>
>   Any extensions not explicitly mentioned MUST be absent.  The same
>   applies to the CRLs used in the RPKI, that are also profiled in this
>   document.
>
> Section 8:
>
>   Certificate Extensions:
>         This profile does not permit the use of any other critical or
>         non-critical extensions.
>
> Instructions:
> -------------
> This errata is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC6487 (draft-ietf-sidr-res-certs-22)
> --------------------------------------
> Title               : A Profile for X.509 PKIX Resource Certificates
> Publication Date    : February 2012
> Author(s)           : G. Huston, G. Michaelson, R. Loomans
> Category            : PROPOSED STANDARD
> Source              : Secure Inter-Domain Routing
> Area                : Routing
> Stream              : IETF
> Verifying Party     : IESG

--

Geoff Huston
Chief Scientist, APNIC

+61 7 3858 3100
gih@apnic.net

v2.23.0 | Report a Bug | By Email