I have submitted the following errata as a result of the discussions concerning draft-saintandre-tls-server-id-check.
The updated text has been agreed on during these discussions. This is not considered to be a change of the RFC since the correct definition is given in two other places (explained in the errata). This is thus just an error fix to remove an ambiguity and to bring the document in alignment with itself. /Stefan On 10-09-14 6:34 PM, "RFC Errata System" <[email protected]> wrote: > > The following errata report has been submitted for RFC4985, > "Internet X.509 Public Key Infrastructure Subject Alternative Name for > Expression of Service Name". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=4985&eid=2520 > > -------------------------------------- > Type: Technical > Reported by: Stefan Santesson <[email protected]> > > Section: 2 > > Original Text > ------------- > Name > > The DNS domain name of the domain where the specified service > > is located. > > Corrected Text > -------------- > Name > > A DNS domain name, representing a domain for which the certificate > > issuer has asserted that the certified subject is a legitimate > > provider of the identified service. > > Notes > ----- > The current text is ambiguous compared with the defined meaning of this name > form given in the RFC. > > > > The definition of this component is given in the overall definition as: > > > > "The content of the components of this name form MUST be consistent > > with the corresponding definition of these components in an SRV RR > > according to RFC 2782 [N3]." > > > > And later in the same section: > > > > "The purpose of the SRVName is limited to authorization of > > service provision within a domain." > > > > The changed text makes it clear that the domain is the domain where the > certified host is a legitimate service provider, which may or may not be the > domain where the same host is located. Thus the changed text harmonize with > the rest of the document. > > Instructions: > ------------- > This errata is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC4985 (draft-ietf-pkix-srvsan-05) > -------------------------------------- > Title : Internet X.509 Public Key Infrastructure Subject > Alternative Name for Expression of Service Name > Publication Date : August 2007 > Author(s) : S. Santesson > Category : PROPOSED STANDARD > Source : Public-Key Infrastructure (X.509) > Area : Security > Stream : IETF > Verifying Party : IESG _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
