This report strikes me as what should have been feedback during the development of the document, and not as a report of an error in the publication of the document. Apart from that, it's basically a different "spin" on the same point -- a different way of saying it, with different emphasis, that nevertheless says substantively the same thing.
Unless the authors tell me that, yes, this is what they'd meant to say and it got screwed up in the editing somehow, I don't see how this fits in as "errata".

Barry, Applications AD

On Fri, May 8, 2015 at 7:47 PM, RFC Errata System <[email protected]> wrote:
> The following errata report has been submitted for RFC7525,
> "Recommendations for Secure Use of Transport Layer Security (TLS) and
> Datagram Transport Layer Security (DTLS)".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=7525&eid=4360
>
> --------------------------------------
> Type: Technical
> Reported by: Martin Rex <[email protected]>
>
> Section: 6.1
>
> Original Text
> -------------
> 6.1. Host Name Validation
>
>    Application authors should take note that some TLS implementations do
>    not validate host names. If the TLS implementation they are using
>    does not validate host names, authors might need to write their own
>    validation code or consider using a different TLS implementation.
>
> Corrected Text
> --------------
> 6.1. Host Name Validation
>
>    Application authors should take note that the TLS protocol explicitly
>    defers checking of names and attributes of end-entity certificates
>    to applications, see last sentence of RFC 5246, Section 1 (TLSv1.2).
>
>    Some TLS implementations may offer a convenience function to perform
>    a server endpoint identification according to RFC 2818, Section 3
>    (HTTP over TLS). For TLS implementations without such a convenience
>    function, and for applications with different server identification
>    schemes, application implementors may have to write the necessary
>    code themselves.
>
> Notes
> -----
> TLSv1.0 (rfc2246), TLSv1.1 (rfc4346) and TLSv1.2 (rfc5246) are quite
> clear in that the original text is misleading on the actual properties
> provided by a TLS implementation itself:
>
> https://tools.ietf.org/html/rfc5246#page-5
>
>    how to interpret the authentication certificates
>    exchanged are left to the judgment of the designers and implementors
>    of protocols that run on top of TLS.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC7525 (draft-ietf-uta-tls-bcp-11)
> --------------------------------------
> Title            : Recommendations for Secure Use of Transport Layer
>                    Security (TLS) and Datagram Transport Layer Security (DTLS)
> Publication Date : May 2015
> Author(s)        : Y. Sheffer, R. Holz, P. Saint-Andre
> Category         : BEST CURRENT PRACTICE
> Source           : Using TLS in Applications
> Area             : Applications
> Stream           : IETF
> Verifying Party  : IESG

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
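The point of the erratum, that TLS itself authenticates a certificate chain but leaves it to the application to decide whether the end-entity certificate names the server it meant to reach, is easiest to see in code. The following is an added example, not part of the thread, the erratum, or RFC 7525: a server endpoint identification routine in the style of RFC 2818 Section 3 and RFC 6125 Section 6.4, written against the dict shape Python's `ssl.SSLSocket.getpeercert()` returns, plus the "convenience function" path (`ssl.create_default_context()`, which turns on `check_hostname`). The certificates are constructed sample data, not real certificates, and the wildcard policy (whole leftmost label only, at least two labels after it) is a deliberate choice that is stricter than RFC 6125 strictly requires.

```python
"""Application-side server endpoint identification (example code added to
the thread, not from RFC 7525 or the erratum). Works on the dict that
ssl.SSLSocket.getpeercert() returns; sample certificates are constructed."""
import ipaddress
import ssl


def _dns_names(cert):
    """dNSName entries of subjectAltName, as getpeercert() reports them."""
    return [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]


def _ip_names(cert):
    """iPAddress entries of subjectAltName."""
    return [v for (k, v) in cert.get("subjectAltName", ()) if k == "IP Address"]


def _common_names(cert):
    """commonName attributes of the subject DN (RDN sequence of tuples)."""
    return [v for rdn in cert.get("subject", ()) for (k, v) in rdn
            if k == "commonName"]


def _label_match(pattern, hostname):
    """Match one DNS-ID pattern against a host name (RFC 6125 Section 6.4.3).

    Policy choices (assumptions, stricter than RFC 6125 allows):
    - a wildcard must be the entire leftmost label ("*.example.com");
    - it matches exactly one label, never across a dot;
    - it needs at least two labels after it, so "*.com" is refused.
    Comparison is case-insensitive on the ASCII (A-label) form.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname:
        return False
    plabels = pattern.split(".")
    hlabels = hostname.split(".")
    if "*" not in pattern:
        return plabels == hlabels
    if pattern.count("*") != 1 or plabels[0] != "*" or len(plabels) < 3:
        return False
    if len(hlabels) != len(plabels) or hlabels[0] == "":
        return False
    return hlabels[1:] == plabels[1:]


def match_hostname(cert, hostname):
    """True if the certificate names the host (RFC 2818 Section 3 rules).

    An IP literal must equal an iPAddress SAN. A DNS name is checked
    against dNSName SANs; the subject commonName is consulted only when
    the certificate carries no dNSName SAN at all.
    """
    try:
        ip = ipaddress.ip_address(hostname.rstrip("."))
    except ValueError:
        ip = None
    if ip is not None:
        for san_ip in _ip_names(cert):
            try:
                if ipaddress.ip_address(san_ip) == ip:
                    return True
            except ValueError:
                continue  # malformed SAN entry: never a match
        return False
    dns = _dns_names(cert)
    if dns:
        return any(_label_match(p, hostname) for p in dns)
    return any(_label_match(cn, hostname) for cn in _common_names(cert))


def verifying_context():
    """The convenience path: the default context requires a valid chain
    and checks the host name for you. Code that sets check_hostname = False
    (a common sight in bug reports) silently drops the second check and
    must then call something like match_hostname() itself."""
    ctx = ssl.create_default_context()
    return ctx


# Constructed sample certificates in getpeercert() form (not real certs).
CERT_WITH_SAN = {
    "subject": ((("commonName", "cn-only.example.org"),),),
    "subjectAltName": (("DNS", "www.example.org"),
                       ("DNS", "*.example.net"),
                       ("IP Address", "192.0.2.10")),
}
CERT_CN_ONLY = {
    "subject": ((("countryName", "US"),),
                (("commonName", "legacy.example.com"),)),
}
CERT_BROAD_WILDCARD = {
    "subject": ((("commonName", "*.org"),),),
    "subjectAltName": (("DNS", "*.org"),),
}

if __name__ == "__main__":
    for cert, host in [(CERT_WITH_SAN, "www.example.org"),
                       (CERT_WITH_SAN, "cn-only.example.org"),
                       (CERT_WITH_SAN, "a.b.example.net"),
                       (CERT_CN_ONLY, "legacy.example.com"),
                       (CERT_BROAD_WILDCARD, "example.org")]:
        print(f"{host:24s} -> {match_hostname(cert, host)}")
    ctx = verifying_context()
    print("default context check_hostname:", ctx.check_hostname)
```

The `cn-only.example.org` case is the one that bites in practice: the name is in the certificate's subject, but because the certificate also carries dNSName SANs the commonName must be ignored, exactly the kind of rule the erratum says the TLS layer will not apply for you.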
