Re: [sidr] [Technical Errata Reported] RFC6487 (3174)

Tue, 03 Apr 2012 16:27:38 -0700 

I'm tending to a "reject". Section 4.8.3 does not precisely apply to CRLs, so 
to accept this would then require a further errata notice to amend this errata 
to narrow down the scope of the AIA further. 

Given that the text already says:  "The algorithm used in CRLs issued under 
this profile is specified in [RFC6485]." then I'm not not what futerhe 
specification is required here.

regards,

    Geoff







On 04/04/2012, at 4:26 AM, RFC Errata System wrote:

> 
> The following errata report has been submitted for RFC6487,
> "A Profile for X.509 PKIX Resource Certificates".
> 
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=6487&eid=3174
> 
> --------------------------------------
> Type: Technical
> Reported by: David Mandelberg <[email protected]>
> 
> Section: 5
> 
> Original Text
> -------------
>   An RPKI CA MUST include the two extensions, Authority Key Identifier
>   and CRL Number, in every CRL that it issues.  RPs MUST be prepared to
>   process CRLs with these extensions.  No other CRL extensions are
>   allowed.
> 
> Corrected Text
> --------------
>   An RPKI CA MUST include the two extensions, Authority Key Identifier
>   and CRL Number, in every CRL that it issues.  The Authority Key
>   Identifier extension MUST follow the same restrictions as in
>   Section 4.8.3 above.  RPs MUST be prepared to process CRLs with
>   these extensions.  No other CRL extensions are allowed.
> 
> Notes
> -----
> RFC 6487 doesn't specify any restrictions on the format of the AKI extension 
> in CRLs.
> 
> Instructions:
> -------------
> This errata is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary. 
> 
> --------------------------------------
> RFC6487 (draft-ietf-sidr-res-certs-22)
> --------------------------------------
> Title               : A Profile for X.509 PKIX Resource Certificates
> Publication Date    : February 2012
> Author(s)           : G. Huston, G. Michaelson, R. Loomans
> Category            : PROPOSED STANDARD
> Source              : Secure Inter-Domain Routing
> Area                : Routing
> Stream              : IETF
> Verifying Party     : IESG




_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr

Reply via email to