The following errata report has been verified for RFC6485, "The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure (RPKI)".
--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6485&eid=4339

--------------------------------------
Status: Verified
Type: Technical

Reported by: Sandra Murphy
Date Reported: 2015-04-20
Verified by: Alvaro Retana (IESG)

Section: 2.

Original Text
-------------
In a certification request, the OID appears in the PKCS #10
signatureAlgorithm field [RFC2986] or in the Certificate Request
Message Format (CRMF) POPOSigningKey signature field [RFC4211].

Corrected Text
--------------
In a certification request, the OID appears in the PKCS #10
signatureAlgorithm field [RFC2986] or in the Certificate Request
Message Format (CRMF) POPOSigningKey algorithmIdentifier field
[RFC4211].

Notes
-----
This is technically a technical change, as it would technically affect implementation, but I believe in fact it is just a typo. Only a very inexperienced implementor would put the RFC6485 algorithm OID in the signature field of the POPOSigningKey.

This problem was noted in a message to the sidr list
https://www.ietf.org/mail-archive/web/sidr/current/msg06587.html
and supported by another message
https://www.ietf.org/mail-archive/web/sidr/current/msg06649.html

As noted in the message to the sidr list, RFC4211 says that the POPOSigningKey is:

   POPOSigningKey ::= SEQUENCE {
       poposkInput         [0] POPOSigningKeyInput OPTIONAL,
       algorithmIdentifier     AlgorithmIdentifier,
       signature               BIT STRING }

The OID mentioned in the RFC6485 text is for the algorithm identifier and so should appear in the algorithmIdentifier field, not the signature field.

--------------------------------------
RFC6485 (draft-ietf-sidr-rpki-algs-05)
--------------------------------------
Title               : The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure (RPKI)
Publication Date    : February 2012
Author(s)           : G. Huston
Category            : PROPOSED STANDARD
Source              : Secure Inter-Domain Routing
Area                : Routing
Stream              : IETF
Verifying Party     : IESG
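
The check implied by the corrected text, as an added example that is not part of the errata report or of any RPKI implementation: walk a DER-encoded POPOSigningKey and confirm that the algorithmIdentifier field, not the signature BIT STRING, carries the RFC 6485 signature OID (sha256WithRSAEncryption, 1.2.840.113549.1.1.11). The function names and the sample byte strings are constructed for illustration; the code assumes definite-length DER and the IMPLICIT [0] tagging of the RFC 4211 module.

```python
RPKI_SIG_OID = "1.2.840.113549.1.1.11"    # sha256WithRSAEncryption

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets into dotted form."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    if not arcs or body[-1] & 0x80:
        raise ValueError("malformed OID")
    head = divmod(arcs[0], 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(map(str, [*head, *arcs[1:]]))

def popo_signing_key_fields(der):
    """Return (algorithm OID, signature bytes) from a DER POPOSigningKey."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    tag, alg, pos = read_tlv(body, 0)
    if tag == 0xA0:                       # optional poposkInput [0]: skip it
        tag, alg, pos = read_tlv(body, pos)
    oid_tag, oid_body, _ = read_tlv(alg, 0)
    sig_tag, sig, pos = read_tlv(body, pos)
    if (tag, oid_tag, sig_tag) != (0x30, 0x06, 0x03) or pos != len(body):
        raise ValueError("expected AlgorithmIdentifier, then a final BIT STRING")
    return decode_oid(oid_body), sig[1:]  # drop the unused-bits octet

def popo_uses_rpki_algorithm(der):
    """True only if algorithmIdentifier carries the RPKI signature OID."""
    return popo_signing_key_fields(der)[0] == RPKI_SIG_OID

# Constructed samples: no poposkInput, NULL parameters, placeholder signature bytes.
SIG_BITS = b"\x03\x09\x00" + b"\xAB" * 8
GOOD = bytes.fromhex("301a300d06092a864886f70d01010b0500") + SIG_BITS  # sha256WithRSAEncryption
WEAK = bytes.fromhex("301a300d06092a864886f70d0101050500") + SIG_BITS  # sha1WithRSAEncryption
```
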
