[sidr] [Technical Errata Reported] RFC6487 (4080)
RFC Errata System <rfc-editor@rfc-editor.org> Wed, 13 August 2014 00:26 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50F211A0AE4 for <sidr@ietfa.amsl.com>; Tue, 12 Aug 2014 17:26:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.57
X-Spam-Level:
X-Spam-Status: No, score=-102.57 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cc_BxDaUxs3P for <sidr@ietfa.amsl.com>; Tue, 12 Aug 2014 17:26:50 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1900:3001:11::31]) by ietfa.amsl.com (Postfix) with ESMTP id 0AD0E1A0A8B for <sidr@ietf.org>; Tue, 12 Aug 2014 17:26:50 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id C7BF8180015; Tue, 12 Aug 2014 17:25:01 -0700 (PDT)
To: gih@apnic.net, ggm@apnic.net, robertl@apnic.net, akatlas@gmail.com, adrian@olddog.co.uk, morrowc@ops-netman.net, sandy@tislabs.com
X-PHP-Originating-Script: 6000:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20140813002501.C7BF8180015@rfc-editor.org>
Date: Tue, 12 Aug 2014 17:25:01 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/GApeMh5I1MLr9D11TIvXAZ3pX_A
Cc: rfc-editor@rfc-editor.org, sidr@ietf.org
Subject: [sidr] [Technical Errata Reported] RFC6487 (4080)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Aug 2014 00:26:51 -0000
The following errata report has been submitted for RFC6487, "A Profile for X.509 PKIX Resource Certificates". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6487&eid=4080 -------------------------------------- Type: Technical Reported by: Sean Turner <turners@ieca.com> Section: 6.1.1 Original Text ------------- This field MAY be omitted. If present, the value of this field SHOULD be empty (i.e., NULL), in which case the CA MUST generate a subject name that is unique in the context of certificates issued by this CA. This field is allowed to be non-empty only for a re-key/reissuance request, and only if the CA has adopted a policy (in its Certificate Practice Statement (CPS)) that permits reuse of names in these circumstances. Corrected Text -------------- This field SHOULD be empty (i.e., NULL), in which case the CA MUST generate a subject name that is unique in the context of certificates issued by this CA. This field is allowed to be non-empty only for a re-key/reissuance request, and only if the CA has adopted a policy (in its Certificate Practice Statement (CPS)) that permits reuse of names in these circumstances. Notes ----- Submitted after consultation with the responsible AD and WG chairs. The subject field included in the PKCS#10 request can't be omitted because the ASN.1 in RFC 2986 doesnât allow subject to be omitted - thereâs no âOPTIONALâ in the ASN.1: CertificationRequestInfo ::= SEQUENCE { version INTEGER { v1(0) } (v1,...), subject Name, subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, attributes [0] Attributes{{ CRIAttributes }} } In other words, four fields are included in every certificate request. If thereâs no subject field itâs a NULL (see RFC5280 for omitting subjects) and if thereâs no attributes itâs an empty sequence. version and subjectPKInfo (subject public key information) are always present. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. -------------------------------------- RFC6487 (draft-ietf-sidr-res-certs-22) -------------------------------------- Title : A Profile for X.509 PKIX Resource Certificates Publication Date : February 2012 Author(s) : G. Huston, G. Michaelson, R. Loomans Category : PROPOSED STANDARD Source : Secure Inter-Domain Routing Area : Routing Stream : IETF Verifying Party : IESG
- [sidr] [Technical Errata Reported] RFC6487 (4080) RFC Errata System
- Re: [sidr] [Technical Errata Reported] RFC6487 (4… Geoff Huston
- [sidr] [Errata Verified] RFC6487 (4080) RFC Errata System