Greetings,
This errata reports a problem with Section 5.4/RFC 8995. Upon further review, we believe it should point to Section 5.5.4./RFC 8995. We have updated accordingly. Please let us know any concerns. Thank you. RFC Editor/cs > On Jul 26, 2021, at 7:29 PM, RFC Errata System <[email protected]> > wrote: > > The following errata report has been submitted for RFC8995, > "Bootstrapping Remote Secure Key Infrastructure (BRSKI)". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid6649 > > -------------------------------------- > Type: Technical > Reported by: Michael Richardson <[email protected]> > > Section: 5.4 > > Original Text > ------------- > Even when a domain CA is authenticated to the MASA, and there is > strong sales channel integration to understand who the legitimate > owner is, the above id-kp-cmcRA check prevents arbitrary end-entity > certificates (such as an LDevID certificate) from having vouchers > issued against them. > > > Corrected Text > -------------- > Even when a domain CA is authenticated to the MASA, and there is > strong sales channel integration to understand who the legitimate > owner is, the above id-kp-cmcRA check prevents arbitrary end-entity > certificates (such as an LDevID certificate) from having vouchers > issued against them. > > add: > The id-kp-cmcRA is an Extended Key Usage (EKU) attribute. > When any EKU attribute it set, then the certificate MUST have all > related attributes set. > This means that the Registrar certificate MUST also have the > id-kp-clientAuth (for use with the MASA) and the id-kp-serverAuth > (for use with the Pledge) set. > > > Notes > ----- > https://mailarchive.ietf.org/arch/msg/anima/H6Xs_f3rQAh9acOEFXEYuoZZGls/ > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC8995 (draft-ietf-anima-bootstrapping-keyinfra-45) > -------------------------------------- > Title : Bootstrapping Remote Secure Key Infrastructure (BRSKI) > Publication Date : May 2021 > Author(s) : M. Pritikin, M. Richardson, T. Eckert, M. Behringer, K. > Watsen > Category : PROPOSED STANDARD > Source : Autonomic Networking Integrated Model and Approach > Area : Operations and Management > Stream : IETF > Verifying Party : IESG > _______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
