Re: [sidr] [Technical Errata Reported] RFC6487 (3168)

Robert Loomans <robertl@apnic.net> Mon, 26 March 2012 22:59 UTC

From: Robert Loomans <robertl@apnic.net>
In-Reply-To: <20120326204137.31F0BB1E003@rfc-editor.org>
Date: Tue, 27 Mar 2012 08:59:02 +1000
Message-Id: <AB11A9E6-4E83-4095-A2F1-938520186679@apnic.net>
References: <20120326204137.31F0BB1E003@rfc-editor.org>
To: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: Sandra.Murphy@sparta.com, morrowc@ops-netman.net, sidr@ietf.org, ggm@apnic.net
Subject: Re: [sidr] [Technical Errata Reported] RFC6487 (3168)

I believe this errata is accurate: the intention was to limit extensions to only those mentioned in the RFC.

Rob

On 27/03/2012, at 06:41, RFC Errata System wrote:
> The following errata report has been submitted for RFC6487,
> "A Profile for X.509 PKIX Resource Certificates".
> 
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=6487&eid=3168
> 
> --------------------------------------
> Type: Technical
> Reported by: David Mandelberg <dmandelb@bbn.com>
> 
> Section: 4.8
> 
> Original Text
> -------------
>   or non-critical.  A certificate-using system MUST reject the
>   certificate if it encounters a critical extension it does not
>   recognize; however, a non-critical extension MAY be ignored if it is
>   not recognized [RFC5280].
> 
> Corrected Text
> --------------
>   or non-critical.  A certificate-using system MUST reject the
>   certificate if it encounters an extension not explicitly mentioned
>   in this document.  This is in contrast to RFC 5280 which allows
>   non-critical extensions to be ignored.
> 
> Notes
> -----
> Other sections of the same document contradict the original section 4.8:
> 
> Section 1:
> 
>   Any extensions not explicitly mentioned MUST be absent.  The same
>   applies to the CRLs used in the RPKI, that are also profiled in this
>   document.
> 
> Section 8:
> 
>   Certificate Extensions:
>         This profile does not permit the use of any other critical or
>         non-critical extensions.
> 
> Instructions:
> -------------
> This errata is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary. 
> 
> --------------------------------------
> RFC6487 (draft-ietf-sidr-res-certs-22)
> --------------------------------------
> Title               : A Profile for X.509 PKIX Resource Certificates
> Publication Date    : February 2012
> Author(s)           : G. Huston, G. Michaelson, R. Loomans
> Category            : PROPOSED STANDARD
> Source              : Secure Inter-Domain Routing
> Area                : Routing
> Stream              : IETF
> Verifying Party     : IESG


-- 
Robert Loomans                         email:       robertl@apnic.net
Senior Software Engineer, APNIC        sip:    robertl@voip.apnic.net
http://www.apnic.net/                  phone:         +61 7 3858 3100
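The difference the erratum turns on, as an added example that is not part of the message or of any RPKI validator: RFC 5280 lets a relying party ignore a non-critical extension it does not recognize, whereas the RFC 6487 profile (as Sections 1 and 8 already say, and as the corrected Section 4.8 text says) requires rejecting a resource certificate that carries any extension the profile does not mention, critical or not. The permitted-extension table is reproduced from RFC 6487 Section 4.8 rather than from the erratum text, which names only the section; the extension list fed to the checks is constructed for the example, and the private OID in it is an arbitrary value.

```python
"""Contrast the RFC 5280 unknown-extension rule with the RFC 6487 profile rule.

Added example, not code from the mailing-list message or any real validator.
"""

from dataclasses import dataclass
from typing import Iterable, List, Mapping, Tuple

# Extensions that RFC 6487 Section 4.8 explicitly profiles. These OIDs are
# taken from the RFC itself, not from the erratum, which only cites the section.
RFC6487_PERMITTED_EXTENSIONS: Mapping[str, str] = {
    "2.5.29.19": "basicConstraints",
    "2.5.29.14": "subjectKeyIdentifier",
    "2.5.29.35": "authorityKeyIdentifier",
    "2.5.29.15": "keyUsage",
    "2.5.29.37": "extKeyUsage",
    "2.5.29.31": "cRLDistributionPoints",
    "1.3.6.1.5.5.7.1.1": "authorityInfoAccess",
    "1.3.6.1.5.5.7.1.11": "subjectInfoAccess",
    "2.5.29.32": "certificatePolicies",
    "1.3.6.1.5.5.7.1.7": "ipAddrBlocks",
    "1.3.6.1.5.5.7.1.8": "autonomousSysIds",
}


@dataclass(frozen=True)
class Extension:
    oid: str        # dotted-decimal OID as decoded from the certificate
    critical: bool  # the X.509 'critical' flag on the extension


def check_rfc5280(extensions: Iterable[Extension],
                  recognized: Iterable[str]) -> Tuple[bool, List[str]]:
    """RFC 5280 rule: reject only a critical extension that is not recognized.

    A non-critical unknown extension is silently ignored.
    Returns (accepted, reasons_for_rejection)."""
    known = set(recognized)
    reasons = [
        f"critical extension {e.oid} is not recognized"
        for e in extensions
        if e.critical and e.oid not in known
    ]
    return (not reasons, reasons)


def check_rfc6487(extensions: Iterable[Extension],
                  permitted: Mapping[str, str] = RFC6487_PERMITTED_EXTENSIONS
                  ) -> Tuple[bool, List[str]]:
    """RFC 6487 profile rule (Section 4.8 as corrected by erratum 3168):
    reject the certificate if any extension is not explicitly mentioned in the
    profile, whether or not it is marked critical.
    Returns (accepted, reasons_for_rejection)."""
    reasons = [
        f"extension {e.oid} ({'critical' if e.critical else 'non-critical'}) "
        f"is not in the RFC 6487 profile"
        for e in extensions
        if e.oid not in permitted
    ]
    return (not reasons, reasons)


# Constructed sample: the extensions of a plausible RPKI CA certificate plus one
# private, non-critical extension (arbitrary OID) that the profile never mentions.
SAMPLE_EXTENSIONS = [
    Extension("2.5.29.19", True),            # basicConstraints
    Extension("2.5.29.14", False),           # subjectKeyIdentifier
    Extension("2.5.29.35", False),           # authorityKeyIdentifier
    Extension("2.5.29.15", True),            # keyUsage
    Extension("1.3.6.1.5.5.7.1.7", True),    # ipAddrBlocks
    Extension("1.3.6.1.4.1.99999.1", False), # private extension, not profiled
]


def compare(extensions: Iterable[Extension] = SAMPLE_EXTENSIONS) -> dict:
    """Run both rules over the same extension list and report the outcomes."""
    exts = list(extensions)
    ok5280, _ = check_rfc5280(exts, RFC6487_PERMITTED_EXTENSIONS)
    ok6487, why6487 = check_rfc6487(exts)
    return {
        "rfc5280_accepts": ok5280,
        "rfc6487_accepts": ok6487,
        "rfc6487_reasons": why6487,
    }


if __name__ == "__main__":
    # The same certificate passes the generic PKIX rule and fails the RPKI profile.
    print(compare())
```

The point for a validator author is that the two rules diverge only on non-critical extensions: an unknown critical extension is rejected under both, so a validator that merely follows RFC 5280 will accept RPKI certificates with extra non-critical extensions that Sections 1 and 8 of RFC 6487 say must be absent.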