RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 6487, "A Profile for X.509 PKIX Resource Certificates", February 2012

Source of RFC: sidr (rtg)

Errata ID: 3168
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: David Mandelberg
Date Reported: 2012-03-26
Rejected by: Stewart Bryant
Date Rejected: 2013-05-06

Section 4.8 says:

   or non-critical.  A certificate-using system MUST reject the
   certificate if it encounters a critical extension it does not
   recognize; however, a non-critical extension MAY be ignored if it is
   not recognized [RFC5280].

It should say:

   or non-critical.  A certificate-using system MUST reject the
   certificate if it encounters an extension not explicitly mentioned
   in this document.  This is in contrast to RFC 5280 which allows
   non-critical extensions to be ignored.

Notes:

Other sections of the same document contradict the original section 4.8:

Section 1:

Any extensions not explicitly mentioned MUST be absent. The same
applies to the CRLs used in the RPKI, that are also profiled in this
document.

Section 8:

Certificate Extensions:
This profile does not permit the use of any other critical or
non-critical extensions.
--VERIFIER NOTES--
This is a technical change to the RFC and needs to be addressed though the IETF consensus process and rather than via the errata process.

Report New Errata