I agree with this errata, and thank David for bringing it to our attention.
kind regards, Geoff Huston On 17/10/2013, at 6:43 AM, RFC Errata System <[email protected]> wrote: > The following errata report has been submitted for RFC6489, > "Certification Authority (CA) Key Rollover in the Resource Public Key > Infrastructure (RPKI)". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=6489&eid=3756 > > -------------------------------------- > Type: Technical > Reported by: David Mandelberg <[email protected]> > > Section: 2 > > Original Text > ------------- > This > request MUST include the same SIA extension that is present in > the CURRENT CA certificate. > > Corrected Text > -------------- > The AccessDescriptions with accessMethods of id-ad-caRepository in the > request's SIA extension MUST be the same as the AccessDescriptions with > accessMethods of id-ad-caRepository in the CURRENT CA certificate's SIA > extension. > > Notes > ----- > An RFC6487-compliant CA certificate's SIA extension has AccessDescriptions > for both its repository (id-ad-caRepository) and its manifest > (id-ad-rpkiManifest). Section 2 of RFC6489 also states, "While the 'current' > and 'new' CA instances share a single repository publication point, each CA > has its own CRL and its own manifest." This indicates that only the > id-ad-caRepository AccessDescriptions should be identical, not the > id-ad-rpkiManifest AccessDescriptions. > > Instructions: > ------------- > This errata is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC6489 (draft-ietf-sidr-keyroll-08) > -------------------------------------- > Title : Certification Authority (CA) Key Rollover in the > Resource Public Key Infrastructure (RPKI) > Publication Date : February 2012 > Author(s) : G. Huston, G. Michaelson, S. Kent > Category : BEST CURRENT PRACTICE > Source : Secure Inter-Domain Routing > Area : Routing > Stream : IETF > Verifying Party : IESG _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
