Hi Paul, We are unable to verify this erratum that the submitter marked as editorial, so we changed the Type to “Technical”. As Stream Approver, please review and set the Status and Type accordingly (see the definitions at https://www.rfc-editor.org/errata-definitions/).
You may review the report at: https://www.rfc-editor.org/errata/eid8390 Information on how to verify errata reports can be found at: https://www.rfc-editor.org/how-to-verify/ Further information on errata can be found at: https://www.rfc-editor.org/errata.php Thank you, RFC Editor/mc > On Apr 22, 2025, at 9:30 AM, RFC Errata System <[email protected]> > wrote: > > The following errata report has been submitted for RFC9679, > "CBOR Object Signing and Encryption (COSE) Key Thumbprint". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid8390 > > -------------------------------------- > Type: Editorial > Reported by: Carsten Bormann <[email protected]> > > Section: 5.4 > > Original Text > ------------- > [...] as the "x5t" (X.509 certificate SHA-1 thumbprint) [RFC9360] > value defined for X.509 certificate objects does. > > Corrected Text > -------------- > [...] as the "x5t" (X.509 certificate thumbprint) [RFC9360] > value defined for X.509 certificate objects does. > > Notes > ----- > The hash function name "SHA-1" is spurious here. > RFC 9360 calls "x5t" a "Hash of an X.509 certificate" or goes into more > detail by saying "x5t: > This header parameter identifies the end-entity X.509 certificate by a hash > value (a thumbprint). ". > So calling "x5t" an "X.509 certificate thumbprint" is not wrong. > However, there is nothing in RFC 9360 about SHA-1, and SHA-1 is outdated > enough that this misreference borders on a technical mistake. > > Instructions: > ------------- > This erratum is currently posted as "Reported". (If it is spam, it > will be removed shortly by the RFC Production Center.) Please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > will log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC9679 (draft-ietf-cose-key-thumbprint-06) > -------------------------------------- > Title : CBOR Object Signing and Encryption (COSE) Key Thumbprint > Publication Date : December 2024 > Author(s) : K. Isobe, H. Tschofenig, O. Steele > Category : PROPOSED STANDARD > Source : CBOR Object Signing and Encryption > Stream : IETF > Verifying Party : IESG _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
