[stir] For the sake of implementers, please verify errata in a timely manner

Marc Petit-Huguenin <marc@petit-huguenin.org> Thu, 08 April 2021 12:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/55hmw8rKtNghLMbF450MSR6BazE>

As an implementer, each non-verified erratum is more work because now I have to weigh the validity of these unverified errata, make a decision, remember that decision and hope that it will not be overturned later (obviously I am talking about technical errata here).

RFC 8224 already has 5 errata, all unverified. In an effort to help get them to be verified, here are my personal implementation decisions on them:

1. https://www.rfc-editor.org/errata/eid5390

Valid.

2. https://www.rfc-editor.org/errata/eid5391

I disagree with this erratum, i.e. the iat must be built from the Date header when available. But another erratum should clearly indicate that RFC 8224 overrides the text in RFC 7518 section 4.1.6.

3. https://www.rfc-editor.org/errata/eid5715

Valid.

4. https://www.rfc-editor.org/errata/eid6499

My own erratum, so I consider it valid, but I would also suggest amending the first sentence of the second paragraph after the ABNF like this:

"The signed-identity-digest contains a PASSporT encoded as specified in [RFC8225], [...]"

5. https://www.rfc-editor.org/errata/eid6499

I disagree with that -- wrong examples, especially from another SDO, should not change normative text. In itself, adding quotes around a token is puzzling. An additional unintended consequence is that quoted strings are case-sensitive, whereas tokens are case-insensitive, so that may create an additional interop issue.

For these reasons my implementation decision is to ignore that erratum until it is verified.

-- 
Marc Petit-Huguenin
Email: marc@petit-huguenin.org
Blog: https://marc.petit-huguenin.org
Profile: https://www.linkedin.com/in/petithug