Thank you, Geoff. I agree. --Sandy
________________________________________ From: Geoff Huston [[email protected]] Sent: Monday, March 26, 2012 11:33 PM To: RFC Errata System Cc: [email protected]; [email protected]; [email protected]; [email protected]; Murphy, Sandra; [email protected]; [email protected]; [email protected] Subject: Re: [Technical Errata Reported] RFC6487 (3168) > This errata is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. verified. Geoff On 27/03/2012, at 7:41 AM, RFC Errata System wrote: > > The following errata report has been submitted for RFC6487, > "A Profile for X.509 PKIX Resource Certificates". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=6487&eid=3168 > > -------------------------------------- > Type: Technical > Reported by: David Mandelberg <[email protected]> > > Section: 4.8 > > Original Text > ------------- > or non-critical. A certificate-using system MUST reject the > certificate if it encounters a critical extension it does not > recognize; however, a non-critical extension MAY be ignored if it is > not recognized [RFC5280]. > > Corrected Text > -------------- > or non-critical. A certificate-using system MUST reject the > certificate if it encounters an extension not explicitly mentioned > in this document. This is in contrast to RFC 5280 which allows > non-critical extensions to be ignored. > > Notes > ----- > Other sections of the same document contradict the original section 4.8: > > Section 1: > > Any extensions not explicitly mentioned MUST be absent. The same > applies to the CRLs used in the RPKI, that are also profiled in this > document. > > Section 8: > > Certificate Extensions: > This profile does not permit the use of any other critical or > non-critical extensions. > > Instructions: > ------------- > This errata is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC6487 (draft-ietf-sidr-res-certs-22) > -------------------------------------- > Title : A Profile for X.509 PKIX Resource Certificates > Publication Date : February 2012 > Author(s) : G. Huston, G. Michaelson, R. Loomans > Category : PROPOSED STANDARD > Source : Secure Inter-Domain Routing > Area : Routing > Stream : IETF > Verifying Party : IESG -- Geoff Huston Chief Scientist, APNIC +61 7 3858 3100 [email protected] _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
