Hi Steve, > > The following errata report has been submitted for RFC6487, > "A Profile for X.509 PKIX Resource Certificates". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=6487&eid=3238 > > -------------------------------------- > Type: Technical > Reported by: Stephen Kent <[email protected]> > > Section: 6.3 > > Original Text > ------------- > ExtendedKeyUsage > The CA MAY honor ExtendedKeyUsage extensions of keyCertSign and > cRLSign if present, as long as this is consistent with the > BasicConstraints SubjectType sub-field, when specified. > > Corrected Text > -------------- > ExtendedKeyUsage > The CA MAY honor ExtendedKeyUsage extensions in requests for EE > certificates that are issued to routers or other devices, consistent > with values > specified in Standards Track RFCs that adopt this profile and that > identify > application-specific requirements that motivate the use of such EKUs. >
I agree that this correction make sense. I also agree on the restriction to uses that are compatible with this profile rather than the complete registry list. We already have RFC 6494 as example. Roque > Notes > ----- > The current text appears to be the result of a "cut and paste" error. It is > essentially identical to the text > for the Key Usage extension, and names two fields that appear in that > extension, not in an EKU extension. The text I propose above parallels what > appears in Section 4.8.5, which describes how an > EKU MAY be used in RPKI certificates. > > Instructions: > ------------- > This errata is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC6487 (draft-ietf-sidr-res-certs-22) > -------------------------------------- > Title : A Profile for X.509 PKIX Resource Certificates > Publication Date : February 2012 > Author(s) : G. Huston, G. Michaelson, R. Loomans > Category : PROPOSED STANDARD > Source : Secure Inter-Domain Routing > Area : Routing > Stream : IETF > Verifying Party : IESG > _______________________________________________ > sidr mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/sidr
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
