The following errata report has been verified for RFC6489, "Certification Authority (CA) Key Rollover in the Resource Public Key Infrastructure (RPKI)".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6489&eid=3756

--------------------------------------
Status: Verified
Type: Technical

Reported by: David Mandelberg <[email protected]>
Date Reported: 2013-10-16
Verified by: Stewart Bryant (IESG)

Section: 2

Original Text
-------------
This request MUST include the same SIA extension that is present in the
CURRENT CA certificate.

Corrected Text
--------------
The AccessDescriptions with accessMethods of id-ad-caRepository in the
request's SIA extension MUST be the same as the AccessDescriptions with
accessMethods of id-ad-caRepository in the CURRENT CA certificate's SIA
extension.

Notes
-----
An RFC6487-compliant CA certificate's SIA extension has AccessDescriptions
for both its repository (id-ad-caRepository) and its manifest
(id-ad-rpkiManifest). Section 2 of RFC6489 also states, "While the
'current' and 'new' CA instances share a single repository publication
point, each CA has its own CRL and its own manifest." This indicates that
only the id-ad-caRepository AccessDescriptions should be identical, not the
id-ad-rpkiManifest AccessDescriptions.

--------------------------------------
RFC6489 (draft-ietf-sidr-keyroll-08)
--------------------------------------
Title               : Certification Authority (CA) Key Rollover in the Resource Public Key Infrastructure (RPKI)
Publication Date    : February 2012
Author(s)           : G. Huston, G. Michaelson, S. Kent
Category            : BEST CURRENT PRACTICE
Source              : Secure Inter-Domain Routing
Area                : Routing
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
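
The difference between the original and corrected text, as an added example (not part of the errata report or of RFC 6489): an SIA is modelled as a list of (accessMethod OID, URI) pairs, the two OIDs are those assigned in RFC 6487, and the URIs, function names and the order-insensitive comparison are assumptions of this sketch.

```python
# accessMethod OIDs for RPKI CA certificates (RFC 6487).
ID_AD_CA_REPOSITORY = "1.3.6.1.5.5.7.48.5"
ID_AD_RPKI_MANIFEST = "1.3.6.1.5.5.7.48.10"

def access_locations(sia, method):
    """Sorted accessLocation URIs for one accessMethod in an SIA."""
    return sorted(uri for oid, uri in sia if oid == method)

def matches_original_text(request_sia, current_sia):
    """Pre-erratum reading: the whole SIA extension must be identical."""
    return sorted(request_sia) == sorted(current_sia)

def matches_corrected_text(request_sia, current_sia):
    """Corrected text: only id-ad-caRepository entries must be the same."""
    return (access_locations(request_sia, ID_AD_CA_REPOSITORY)
            == access_locations(current_sia, ID_AD_CA_REPOSITORY))

def review_request(request_sia, current_sia):
    """Findings for a NEW CA certificate request during key rollover."""
    findings = []
    if not access_locations(request_sia, ID_AD_CA_REPOSITORY):
        findings.append("request has no id-ad-caRepository entry")
    elif not matches_corrected_text(request_sia, current_sia):
        findings.append("id-ad-caRepository differs from CURRENT CA")
    # Each CA has its own manifest, so an identical manifest URI is suspect.
    req_mft = access_locations(request_sia, ID_AD_RPKI_MANIFEST)
    cur_mft = access_locations(current_sia, ID_AD_RPKI_MANIFEST)
    if req_mft and req_mft == cur_mft:
        findings.append("NEW CA reuses the CURRENT CA's manifest URI")
    return findings

# Constructed sample data (hypothetical publication point).
REPO = "rsync://rpki.example.net/repo/ca1/"
CURRENT_SIA = [(ID_AD_CA_REPOSITORY, REPO),
               (ID_AD_RPKI_MANIFEST, REPO + "current.mft")]
NEW_REQUEST_SIA = [(ID_AD_CA_REPOSITORY, REPO),
                   (ID_AD_RPKI_MANIFEST, REPO + "new.mft")]
MOVED_REQUEST_SIA = [(ID_AD_CA_REPOSITORY, "rsync://rpki.example.net/repo/other/"),
                     (ID_AD_RPKI_MANIFEST, "rsync://rpki.example.net/repo/other/new.mft")]

if __name__ == "__main__":
    for name, sia in [("new", NEW_REQUEST_SIA), ("moved", MOVED_REQUEST_SIA)]:
        print(name, matches_original_text(sia, CURRENT_SIA),
              review_request(sia, CURRENT_SIA))
```

A valid rollover request (same repository, its own manifest) fails the original whole-extension comparison but passes the corrected one.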
