Hi all, The errata is correct, this is a copy paste error.
There should be no impact on implementation, other than that if the implementation follows the original text strictly it will not work for ASNs on a trust anchor certificate, and if it's changed to follow the corrected text it will work. Mea culpa, I blame my copy/paste skills and replaying short term memory and my intent in proof reading my own bit of text here. Tim > On 13 Feb 2019, at 22:36, Sandra Murphy <[email protected]> wrote: > > I’d be interested to hear from the implementer(s) of the > validation-reconsidered RFC what impact there is in handling this change. > > (I suspect little impact, if any, but it would be very good to hear it from > the implementer(s). Suspicions don’t count for much.) > > —Sandy > >> On Feb 13, 2019, at 2:41 PM, RFC Errata System <[email protected]> >> wrote: >> >> The following errata report has been verified for RFC8360, >> "Resource Public Key Infrastructure (RPKI) Validation Reconsidered". >> >> -------------------------------------- >> You may review the report below and at: >> http://www.rfc-editor.org/errata/eid5638 >> >> -------------------------------------- >> Status: Verified >> Type: Technical >> >> Reported by: Alberto Leiva Popper <[email protected]> >> Date Reported: 2019-02-13 >> Verified by: Warren Kumari (Ops AD) (IESG) >> >> Section: 4.2.4.4 >> >> Original Text >> ------------- >> 7. Compute the VRS-IP and VRS-AS set values as indicated below: >> >> * If the IP Address Delegation extension is present in >> certificate x and x=1, set the VRS-IP to the resources found >> in this extension. >> >> * If the IP Address Delegation extension (...) >> >> * If the IP Address Delegation extension (...) >> >> * If the IP Address Delegation extension is present in >> certificate x and x=1, set the VRS-IP to the resources found >> in this extension. >> >> * If the AS Identifier Delegation extension (...) >> >> * If the AS Identifier Delegation extension (...) >> >> Corrected Text >> -------------- >> 7. Compute the VRS-IP and VRS-AS set values as indicated below: >> >> * If the IP Address Delegation extension is present in >> certificate x and x=1, set the VRS-IP to the resources found >> in this extension. >> >> * If the IP Address Delegation extension (...) >> >> * If the IP Address Delegation extension (...) >> >> * If the AS Identifier Delegation extension is present in >> certificate x and x=1, set the VRS-AS to the resources found >> in this extension. >> >> * If the AS Identifier Delegation extension (...) >> >> * If the AS Identifier Delegation extension (...) >> >> Notes >> ----- >> There seems to be a copy-paste error. >> >> There are two bullet points explaining the initialization of VRS-IP, and >> none explaining the initialization of VRS-AS. >> >> All the evidence suggests that the two extensions (IP Address Delegation and >> AS Identifier Delegation) are meant to be handled similarly, so I believe >> that the last three bullet points are supposed to perfectly mirror the first >> three. >> >> -------------------------------------- >> RFC8360 (draft-ietf-sidr-rpki-validation-reconsidered-10) >> -------------------------------------- >> Title : Resource Public Key Infrastructure (RPKI) Validation >> Reconsidered >> Publication Date : April 2018 >> Author(s) : G. Huston, G. Michaelson, C. Martinez, T. Bruijnzeels, >> A. Newton, D. Shaw >> Category : PROPOSED STANDARD >> Source : Secure Inter-Domain Routing >> Area : Routing >> Stream : IETF >> Verifying Party : IESG >> >> _______________________________________________ >> sidr mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/sidr > > _______________________________________________ > sidr mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/sidr _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
