>> The following errata report has been submitted for RFC6487, >> "A Profile for X.509 PKIX Resource Certificates". >> >> -------------------------------------- >> You may review the report below and at: >> http://www.rfc-editor.org/errata_search.php?rfc=6487&eid=3238 >> >> -------------------------------------- >> Type: Technical >> Reported by: Stephen Kent <[email protected]> >> >> Section: 6.3 >> >> Original Text >> ------------- >> ExtendedKeyUsage >> The CA MAY honor ExtendedKeyUsage extensions of keyCertSign and >> cRLSign if present, as long as this is consistent with the >> BasicConstraints SubjectType sub-field, when specified. >> >> Corrected Text >> -------------- >> ExtendedKeyUsage >> The CA MAY honor ExtendedKeyUsage extensions in requests for EE >> certificates that are issued to routers or other devices, consistent >> with values >> specified in Standards Track RFCs that adopt this profile and that >> identify >> application-specific requirements that motivate the use of such EKUs. >> > > I agree that this correction make sense. I also agree on the restriction to > uses that are compatible with this profile rather than the complete registry > list. We already have RFC 6494 as example. > > Roque > > > > >> Notes >> ----- >> The current text appears to be the result of a "cut and paste" error. It is >> essentially identical to the text >> for the Key Usage extension, and names two fields that appear in that >> extension, not in an EKU extension. The text I propose above parallels what >> appears in Section 4.8.5, which describes how an >> EKU MAY be used in RPKI certificates. >> >> Instructions: >> ------------- >> This errata is currently posted as "Reported". If necessary, please >> use "Reply All" to discuss whether it should be verified or >> rejected. When a decision is reached, the verifying party (IESG) >> can log in to change the status and edit the report, if necessary. >> >> -------------------------------------- >> RFC6487 (draft-ietf-sidr-res-certs-22) >> -------------------------------------- >> Title : A Profile for X.509 PKIX Resource Certificates >> Publication Date : February 2012 >> Author(s) : G. Huston, G. Michaelson, R. Loomans >> Category : PROPOSED STANDARD >> Source : Secure Inter-Domain Routing >> Area : Routing >> Stream : IETF >> Verifying Party : IESG
while i agree that the change is correct, this is not an erratum, but an actual change in semantics. randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
