I'm confused here. What is the the correction? Seems like a fixed version of the command using RSA instead of EC is correct, but I'm not clear what the exact verification will be.
Joe On 4/12/21 11:19, Rob Wilton (rwilton) wrote: > Hi, > > Speaking to Warren offline, he suggests (as an author) that this errata > should be verified. > > Please let me know this week if anyone feels differently, otherwise I'll > verify this at the end of the week. > > Thanks, > Rob > > >> -----Original Message----- >> From: RFC Errata System <[email protected]> >> Sent: 05 October 2020 20:25 >> To: [email protected]; [email protected]; [email protected]; Rob Wilton >> (rwilton) <[email protected]>; [email protected]; Joe Clarke >> (jclarke) <[email protected]>; [email protected] >> Cc: [email protected]; [email protected]; [email protected] >> Subject: [Technical Errata Reported] RFC8886 (6299) >> >> The following errata report has been submitted for RFC8886, >> "Secure Device Install". >> >> -------------------------------------- >> You may review the report below and at: >> https://www.rfc-editor.org/errata/eid6299 >> >> -------------------------------------- >> Type: Technical >> Reported by: Stéphane Bortzmeyer <[email protected]> >> >> Section: A.2.2 >> >> Original Text >> ------------- >> openssl smime -encrypt -aes-256-cbc -in SN19842256.cfg \ >> -out SN19842256.enc \ >> -outform PEM SN19842256.crt >> >> Corrected Text >> -------------- >> No corrected text, I think it requires more changes in the previous >> command. >> >> >> Notes >> ----- >> The command in the RFC fails with: >> >> Error creating PKCS#7 structure >> 140616744621440:error:21082096:PKCS7 >> routines:PKCS7_RECIP_INFO_set:encryption not supported for this key >> type:crypto/pkcs7/pk7_lib.c:487: >> 140616744621440:error:21073078:PKCS7 routines:PKCS7_encrypt:error adding >> recipient:crypto/pkcs7/pk7_smime.c:458: >> >> A rapid glance in some online discussions seem to indicate that you cannot >> S/MIME encrypt with elliptic curves. >> >> With RSA for the key, the command in the RFC works fine. >> >> Instructions: >> ------------- >> This erratum is currently posted as "Reported". If necessary, please >> use "Reply All" to discuss whether it should be verified or >> rejected. When a decision is reached, the verifying party >> can log in to change the status and edit the report, if necessary. >> >> -------------------------------------- >> RFC8886 (draft-ietf-opsawg-sdi-13) >> -------------------------------------- >> Title : Secure Device Install >> Publication Date : September 2020 >> Author(s) : W. Kumari, C. Doyle >> Category : INFORMATIONAL >> Source : Operations and Management Area Working Group >> Area : Operations and Management >> Stream : IETF >> Verifying Party : IESG _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
