The following errata report has been submitted for RFC8555, "Automatic Certificate Management Environment (ACME)".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid7565 -------------------------------------- Type: Technical Reported by: Paul Breed <[email protected]> Section: 8.1 Original Text ------------- The "Thumbprint" step indicates the computation specified in [RFC7638], using the SHA-256 digest [FIPS180-4]. As noted in [RFC7518] any prepended zero octets in the fields of a JWK object MUST be stripped before doing the computation. Corrected Text -------------- The "Thumbprint" step indicates the computation specified in [RFC7638], using the SHA-256 digest [FIPS180-4]. As noted in [RFC7518] any additional prepended zero octets in the fields of a JWK object MUST be stripped before doing the computation. Fixed length fields such as found in ECDSA keys should be their natural length and leading zero octets should not be stripped. Notes ----- This comment was really aimed at the leading 0 octet sometimes used with RSA, but the comment is not RSA specific. ECDSA keys can have fixed length fields (X,Y) where there can be leading zeros. This led me astray in implementing an ECDSA thumbprint routine for ACME. The result was that 1/128 ECDSA keys failed to generate t humbp[rint as leading zeros were removed. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC8555 (draft-ietf-acme-acme-18) -------------------------------------- Title : Automatic Certificate Management Environment (ACME) Publication Date : March 2019 Author(s) : R. Barnes, J. Hoffman-Andrews, D. McCarney, J. Kasten Category : PROPOSED STANDARD Source : Automated Certificate Management Environment Area : Security Stream : IETF Verifying Party : IESG _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
