[sidr] Fwd: [Errata Rejected] RFC6487 (3168)

Mon, 06 May 2013 05:30:46 -0700 


Whilst this change was supported by one author and one of the chairs,
it is a technical change and thus outside the scope of change
permitted in an errata.

The correct approach is for a member of the WG to produce a
short update draft and test that this has WG and IETF consensus.

Please can the chairs drive this process.

- Stewart


-------- Original Message --------
Subject:        [Errata Rejected] RFC6487 (3168)
Date:   Mon, 6 May 2013 05:24:39 -0700
From:   RFC Errata System <[email protected]>
To: <[email protected]>, <[email protected]>, <[email protected]>, <[email protected]> 
CC:     <[email protected]>, <[email protected]>, <[email protected]>



The following errata report has been rejected for RFC6487,
"A Profile for X.509 PKIX Resource Certificates".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6487&eid=3168

--------------------------------------
Status: Rejected
Type: Technical

Reported by: David Mandelberg <[email protected]>
Date Reported: 2012-03-26
Rejected by: Stewart Bryant (IESG)

Section: 4.8

Original Text
-------------
   or non-critical.  A certificate-using system MUST reject the

   certificate if it encounters a critical extension it does not

   recognize; however, a non-critical extension MAY be ignored if it is

   not recognized [RFC5280].

Corrected Text
--------------
   or non-critical.  A certificate-using system MUST reject the

   certificate if it encounters an extension not explicitly mentioned

   in this document.  This is in contrast to RFC 5280 which allows

   non-critical extensions to be ignored.

Notes
-----
Other sections of the same document contradict the original section 4.8:



Section 1:



   Any extensions not explicitly mentioned MUST be absent.  The same

   applies to the CRLs used in the RPKI, that are also profiled in this

   document.



Section 8:



   Certificate Extensions:

         This profile does not permit the use of any other critical or

         non-critical extensions.
 --VERIFIER NOTES--
   This is a technical change to the RFC and needs to be addressed though the 
IETF consensus process and rather than via the errata process.

--------------------------------------
RFC6487 (draft-ietf-sidr-res-certs-22)
--------------------------------------
Title               : A Profile for X.509 PKIX Resource Certificates
Publication Date    : February 2012
Author(s)           : G. Huston, G. Michaelson, R. Loomans
Category            : PROPOSED STANDARD
Source              : Secure Inter-Domain Routing
Area                : Routing
Stream              : IETF
Verifying Party     : IESG

.




_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr

Reply via email to