Re: [sidr] [Technical Errata Reported] RFC6487 (4080)
Geoff Huston <gih@apnic.net> Wed, 13 August 2014 02:07 UTC
Return-Path: <gih@apnic.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CBBB1A6FAC for <sidr@ietfa.amsl.com>; Tue, 12 Aug 2014 19:07:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.459
X-Spam-Level:
X-Spam-Status: No, score=-102.459 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pu8QbLFlJZcv for <sidr@ietfa.amsl.com>; Tue, 12 Aug 2014 19:07:00 -0700 (PDT)
Received: from ao-mailgw.apnic.net (ao-mailgw.apnic.net [IPv6:2001:dd8:8:701::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A8611A6F9F for <sidr@ietf.org>; Tue, 12 Aug 2014 19:06:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apnic.net; s=c3po; h=received:received:content-type:mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to:x-mailer:return-path; bh=kk6gfLUiDcy24uWCDMbwzBhL3azAbztekS7FAb8xKak=; b=IATRrFgLqec263Cv5HtMf9zf+vlbdksm6f8gMTqhHG4HIMZMnr4q34NQPwpbfFxd4McI/Vt+A6pv7 iuknlFSy6SBMrtmdzf6ZVLZ5aORe5pDSY6GutJ35nf9mObAJp8r5VtmFckiax1Oh63TwsvkeTde71Z iPHT35EVUEuVyVcs=
Received: from NXMDA1.org.apnic.net (unknown [203.119.101.249]) by ao-mailgw.apnic.net (Halon Mail Gateway) with ESMTPS; Wed, 13 Aug 2014 12:06:48 +1000 (EST)
Received: from app-svc-syd.canberra.aarnet.edu.au (203.119.101.249) by NXMDA1.org.apnic.net (203.119.107.11) with Microsoft SMTP Server (TLS) id 14.1.218.12; Wed, 13 Aug 2014 12:06:55 +1000
Content-Type: text/plain; charset="windows-1252"
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Geoff Huston <gih@apnic.net>
In-Reply-To: <20140813002501.C7BF8180015@rfc-editor.org>
Date: Wed, 13 Aug 2014 12:06:53 +1000
Content-Transfer-Encoding: quoted-printable
Message-ID: <F502E45B-AA3E-4155-AFEC-016BBBD90E35@apnic.net>
References: <20140813002501.C7BF8180015@rfc-editor.org>
To: RFC Errata System <rfc-editor@rfc-editor.org>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/RSmQF0AUtTo8-a0PDikiMLjJ_Ig
Cc: sidr@ietf.org, morrowc@ops-netman.net, robertl@apnic.net, sandy@tislabs.com, George Michaelson <ggm@apnic.net>
Subject: Re: [sidr] [Technical Errata Reported] RFC6487 (4080)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Aug 2014 02:07:03 -0000
I support verification of this Errata Report. Geoff On 13 Aug 2014, at 10:25 am, RFC Errata System <rfc-editor@rfc-editor.org> wrote: > The following errata report has been submitted for RFC6487, > "A Profile for X.509 PKIX Resource Certificates". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=6487&eid=4080 > > -------------------------------------- > Type: Technical > Reported by: Sean Turner <turners@ieca.com> > > Section: 6.1.1 > > Original Text > ------------- > This field MAY be omitted. If present, the value of this field > SHOULD be empty (i.e., NULL), in which case the CA MUST > generate a subject name that is unique in the context of > certificates issued by this CA. This field is allowed to be > non-empty only for a re-key/reissuance request, and only if the > CA has adopted a policy (in its Certificate Practice Statement > (CPS)) that permits reuse of names in these circumstances. > > Corrected Text > -------------- > This field > SHOULD be empty (i.e., NULL), in which case the CA MUST > generate a subject name that is unique in the context of > certificates issued by this CA. This field is allowed to be > non-empty only for a re-key/reissuance request, and only if the > CA has adopted a policy (in its Certificate Practice Statement > (CPS)) that permits reuse of names in these circumstances. > > > > Notes > ----- > Submitted after consultation with the responsible AD and WG chairs. > > The subject field included in the PKCS#10 request can't be omitted because the ASN.1 in RFC 2986 doesn’t allow subject to be omitted - there’s no “OPTIONAL” in the ASN.1: > > CertificationRequestInfo ::= SEQUENCE { > version INTEGER { v1(0) } (v1,...), > subject Name, > subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, > attributes [0] Attributes{{ CRIAttributes }} > } > > In other words, four fields are included in every certificate request. If there’s no subject field it’s a NULL (see RFC5280 for omitting subjects) and if there’s no attributes it’s an empty sequence. version and subjectPKInfo (subject public key information) are always present. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC6487 (draft-ietf-sidr-res-certs-22) > -------------------------------------- > Title : A Profile for X.509 PKIX Resource Certificates > Publication Date : February 2012 > Author(s) : G. Huston, G. Michaelson, R. Loomans > Category : PROPOSED STANDARD > Source : Secure Inter-Domain Routing > Area : Routing > Stream : IETF > Verifying Party : IESG >
- [sidr] [Technical Errata Reported] RFC6487 (4080) RFC Errata System
- Re: [sidr] [Technical Errata Reported] RFC6487 (4… Geoff Huston
- [sidr] [Errata Verified] RFC6487 (4080) RFC Errata System