Re: [sidr] Fwd: [Errata Rejected] RFC6487 (3168)

Andrew Chi <achi@bbn.com> Mon, 06 May 2013 15:03 UTC

Is this really a technical change?  The document has two places that 
state X, and one place (citing 5280) that states Y.  This erratum 
replaces the Y statement with X.  All implementers have already 
implemented X since it's the stricter form of Y.

X = no other extensions are allowed
Y = non-critical extensions MAY be ignored

If this truly is a technical change, then we should have an update doc.
But I'm just trying to minimize needless words.

Andrew

On 5/6/2013 8:30 AM, Stewart Bryant wrote:
>
> Whilst this change was supported by one author and one of the chairs,
> it is a technical change and thus outside the scope of change
> permitted in an errata.
>
> The correct approach is for a member of the WG to produce a
> short update draft and test that this has WG and IETF consensus.
>
> Please can the chairs drive this process.
>
> - Stewart
>
>
> -------- Original Message --------
> Subject: 	[Errata Rejected] RFC6487 (3168)
> Date: 	Mon, 6 May 2013 05:24:39 -0700
> From: 	RFC Errata System <rfc-editor@rfc-editor.org>
> To: 	<dmandelb@bbn.com>, <gih@apnic.net>, <ggm@apnic.net>,
> <robertl@apnic.net>
> CC: 	<stbryant@cisco.com>, <iesg@ietf.org>, <rfc-editor@rfc-editor.org>
>
>
>
> The following errata report has been rejected for RFC6487,
> "A Profile for X.509 PKIX Resource Certificates".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=6487&eid=3168
>
> --------------------------------------
> Status: Rejected
> Type: Technical
>
> Reported by: David Mandelberg <dmandelb@bbn.com>
> Date Reported: 2012-03-26
> Rejected by: Stewart Bryant (IESG)
>
> Section: 4.8
>
> Original Text
> -------------
>     or non-critical.  A certificate-using system MUST reject the
>     certificate if it encounters a critical extension it does not
>     recognize; however, a non-critical extension MAY be ignored if it is
>     not recognized [RFC5280].
>
> Corrected Text
> --------------
>     or non-critical.  A certificate-using system MUST reject the
>     certificate if it encounters an extension not explicitly mentioned
>     in this document.  This is in contrast to RFC 5280 which allows
>     non-critical extensions to be ignored.
>
> Notes
> -----
> Other sections of the same document contradict the original section 4.8:
>
> Section 1:
>
>     Any extensions not explicitly mentioned MUST be absent.  The same
>     applies to the CRLs used in the RPKI, that are also profiled in this
>     document.
>
> Section 8:
>
>     Certificate Extensions:
>
>           This profile does not permit the use of any other critical or
>           non-critical extensions.
> --VERIFIER NOTES--
>     This is a technical change to the RFC and needs to be addressed through the IETF consensus process rather than via the errata process.
>
> --------------------------------------
> RFC6487 (draft-ietf-sidr-res-certs-22)
> --------------------------------------
> Title               : A Profile for X.509 PKIX Resource Certificates
> Publication Date    : February 2012
> Author(s)           : G. Huston, G. Michaelson, R. Loomans
> Category            : PROPOSED STANDARD
> Source              : Secure Inter-Domain Routing
> Area                : Routing
> Stream              : IETF
> Verifying Party     : IESG
>
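
The two readings of RFC 6487 section 4.8 discussed in this thread, as an added example that is not part of the original messages and not code from any RPKI validator. It assumes extensions have already been parsed into (OID, critical) pairs; the sample lists are constructed, and the unprofiled OIDs use the 2.999 example arc.

```python
# Extensions profiled by RFC 6487 section 4.8, keyed by OID.
PROFILED = {
    "2.5.29.19": "basicConstraints",
    "2.5.29.14": "subjectKeyIdentifier",
    "2.5.29.35": "authorityKeyIdentifier",
    "2.5.29.15": "keyUsage",
    "2.5.29.37": "extendedKeyUsage",
    "2.5.29.31": "cRLDistributionPoints",
    "1.3.6.1.5.5.7.1.1": "authorityInfoAccess",
    "1.3.6.1.5.5.7.1.11": "subjectInfoAccess",
    "2.5.29.32": "certificatePolicies",
    "1.3.6.1.5.5.7.1.7": "ipAddrBlocks",
    "1.3.6.1.5.5.7.1.8": "autonomousSysIds",
}

def unprofiled(extensions):
    """Return the OIDs in a certificate that the profile does not mention."""
    return [oid for oid, _critical in extensions if oid not in PROFILED]

def accept_strict(extensions):
    """Reading X: any extension not mentioned in the profile causes rejection."""
    return not unprofiled(extensions)

def accept_lenient(extensions):
    """Reading Y (RFC 5280): reject only on an unrecognized critical extension."""
    return not any(critical and oid not in PROFILED for oid, critical in extensions)

# Constructed sample input: (OID, critical) pairs, not taken from real certificates.
BASE = [("2.5.29.19", True), ("2.5.29.14", False),
        ("2.5.29.15", True), ("1.3.6.1.5.5.7.1.7", True)]
SAMPLES = {
    "profiled_only": BASE,
    "extra_noncritical": BASE + [("2.999.1", False)],
    "extra_critical": BASE + [("2.999.2", True)],
}

def compare(samples=SAMPLES):
    """Map each sample name to (accepted under X, accepted under Y)."""
    return {name: (accept_strict(exts), accept_lenient(exts))
            for name, exts in samples.items()}

if __name__ == "__main__":
    for name, (strict, lenient) in compare().items():
        print(f"{name:18} X={'accept' if strict else 'reject'} "
              f"Y={'accept' if lenient else 'reject'}")
```

The only sample on which the two readings disagree is the certificate carrying an unprofiled non-critical extension, which X rejects and Y accepts.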