The following errata report has been submitted for RFC6489, "Certification Authority (CA) Key Rollover in the Resource Public Key Infrastructure (RPKI)".
-------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6489&eid=3756 -------------------------------------- Type: Technical Reported by: David Mandelberg <[email protected]> Section: 2 Original Text ------------- This request MUST include the same SIA extension that is present in the CURRENT CA certificate. Corrected Text -------------- The AccessDescriptions with accessMethods of id-ad-caRepository in the request's SIA extension MUST be the same as the AccessDescriptions with accessMethods of id-ad-caRepository in the CURRENT CA certificate's SIA extension. Notes ----- An RFC6487-compliant CA certificate's SIA extension has AccessDescriptions for both its repository (id-ad-caRepository) and its manifest (id-ad-rpkiManifest). Section 2 of RFC6489 also states, "While the 'current' and 'new' CA instances share a single repository publication point, each CA has its own CRL and its own manifest." This indicates that only the id-ad-caRepository AccessDescriptions should be identical, not the id-ad-rpkiManifest AccessDescriptions. Instructions: ------------- This errata is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. -------------------------------------- RFC6489 (draft-ietf-sidr-keyroll-08) -------------------------------------- Title : Certification Authority (CA) Key Rollover in the Resource Public Key Infrastructure (RPKI) Publication Date : February 2012 Author(s) : G. Huston, G. Michaelson, S. Kent Category : BEST CURRENT PRACTICE Source : Secure Inter-Domain Routing Area : Routing Stream : IETF Verifying Party : IESG _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
