RFC Errata


RFC 5280, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", May 2008

Note: This RFC has been updated by RFC 6818, RFC 8398, RFC 8399, RFC 9549

Source of RFC: pkix (sec)

Errata ID: 4274
Status: Held for Document Update
Type: Editorial
Publication Format(s): TEXT

Reported By: Ilya V. Matveychikov
Date Reported: 2015-02-19
Held for Document Update by: Kathleen Moriarty
Date Held: 2015-03-25

Section A.1 says:

-- Naming attributes of type X520CommonName:
--   X520CommonName ::= DirectoryName (SIZE (1..ub-common-name))

...

-- Naming attributes of type X520LocalityName:
--   X520LocalityName ::= DirectoryName (SIZE (1..ub-locality-name))

...

-- Naming attributes of type X520StateOrProvinceName:
--   X520StateOrProvinceName ::= DirectoryName (SIZE (1..ub-state-name))

...

-- Naming attributes of type X520OrganizationName:
--   X520OrganizationName ::=
--          DirectoryName (SIZE (1..ub-organization-name))

...

-- Naming attributes of type X520OrganizationalUnitName:
--   X520OrganizationalUnitName ::=
--          DirectoryName (SIZE (1..ub-organizational-unit-name))

...

-- Naming attributes of type X520Title:
--   X520Title ::= DirectoryName (SIZE (1..ub-title))

...

-- Naming attributes of type X520Pseudonym:
--   X520Pseudonym ::= DirectoryName (SIZE (1..ub-pseudonym))

It should say:

-- Naming attributes of type X520CommonName:
--   X520CommonName ::= DirectoryString (SIZE (1..ub-common-name))

...

-- Naming attributes of type X520LocalityName:
--   X520LocalityName ::= DirectoryString (SIZE (1..ub-locality-name))

...

-- Naming attributes of type X520StateOrProvinceName:
--   X520StateOrProvinceName ::=
--          DirectoryString (SIZE (1..ub-state-name))

...

-- Naming attributes of type X520OrganizationName:
--   X520OrganizationName ::=
--          DirectoryString (SIZE (1..ub-organization-name))

...

-- Naming attributes of type X520OrganizationalUnitName:
--   X520OrganizationalUnitName ::=
--          DirectoryString (SIZE (1..ub-organizational-unit-name))

...

-- Naming attributes of type X520Title:
--   X520Title ::= DirectoryString (SIZE (1..ub-title))

...

-- Naming attributes of type X520Pseudonym:
--   X520Pseudonym ::= DirectoryString (SIZE (1..ub-pseudonym))

Notes:

Appendix B. ASN.1 Notes says that:

For many of the attribute types defined in [X.520], the
AttributeValue uses the DirectoryString type. Of the attributes
specified in Appendix A, the name, surname, givenName, initials,
generationQualifier, commonName, localityName, stateOrProvinceName,
organizationName, organizationalUnitName, title, and pseudonym
attributes all use the DirectoryString type. X.520 uses a
parameterized type definition [X.683] of DirectoryString to specify
the syntax for each of these attributes. The parameter is used to
indicate the maximum string length allowed for the attribute. In
Appendix A, in order to avoid the use of parameterized type
definitions, the DirectoryString type is written in its expanded form
for the definition of each of these attribute types. So, the ASN.1
in Appendix A describes the syntax for each of these attributes as
being a CHOICE of TeletexString, PrintableString, UniversalString,
UTF8String, and BMPString, with the appropriate constraints on the
string length applied to each of the types in the CHOICE, rather than
using the ASN.1 type DirectoryString to describe the syntax.

There is nothing about the DirectoryName type here. So the comments in the ASN.1 in
A.1 are wrong and DirectoryName should be fixed to DirectoryString.

From Expert PKIX reviewers:
The errata calls for changing "DirectoryName" to "DirectoryString" in the comments
of the ASN.1. Nobody seems to disagree with this correction.

This message triggered a lot of discussion about whether to remove the string size limits.
That discussion ended with consensus to retain the size limits.
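
Added example (not part of the erratum or of RFC 5280's text): the Python below checks a DER-encoded attribute value against the expanded DirectoryString CHOICE that Appendix B describes, and against the retained size limits. The ub-* values are those defined in RFC 5280 Appendix A.1; the function names, the dictionary keys, and the Latin-1 decoding of TeletexString are assumptions of this example.

```python
import string

# Upper bounds from RFC 5280 Appendix A.1 (ub-common-name, ub-locality-name, ...).
UB = {"common-name": 64, "locality-name": 128, "state-name": 128,
      "organization-name": 64, "organizational-unit-name": 64,
      "title": 64, "pseudonym": 128}

# The five DirectoryString alternatives: universal tag -> (type, codec).
# Assumption: TeletexString is decoded as Latin-1, one byte per character.
CHOICE = {0x14: ("TeletexString", "latin-1"), 0x13: ("PrintableString", "ascii"),
          0x1C: ("UniversalString", "utf-32-be"), 0x0C: ("UTF8String", "utf-8"),
          0x1E: ("BMPString", "utf-16-be")}
PRINTABLE = set(string.ascii_letters + string.digits + " '()+,-./:=?")

def read_tlv(der):
    """Split one definite-length DER TLV into (tag, contents); no trailing bytes."""
    if len(der) < 2:
        raise ValueError("truncated TLV")
    tag, first = der[0], der[1]
    if first < 0x80:                      # short form
        length, off = first, 2
    else:                                 # long form: low 7 bits = length octets
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("indefinite or truncated length")
        length, off = int.from_bytes(der[2:2 + n], "big"), 2 + n
        if length < 0x80 or der[2] == 0:
            raise ValueError("non-minimal DER length")
    if len(der) != off + length:
        raise ValueError("length does not match contents")
    return tag, der[off:]

def check_directory_string(der, ub_name):
    """Return (type, text) if der is a valid DirectoryString (SIZE (1..ub))."""
    tag, body = read_tlv(der)
    if tag not in CHOICE:
        raise ValueError(f"tag 0x{tag:02x} is not a DirectoryString alternative")
    kind, codec = CHOICE[tag]
    text = body.decode(codec)             # UnicodeDecodeError is a ValueError
    if kind == "PrintableString" and not set(text) <= PRINTABLE:
        raise ValueError("character outside the PrintableString set")
    if kind == "BMPString" and any(ord(c) > 0xFFFF for c in text):
        raise ValueError("BMPString cannot carry characters above U+FFFF")
    # SIZE counts characters, not encoded octets.
    if not 1 <= len(text) <= UB[ub_name]:
        raise ValueError(f"{len(text)} characters, allowed 1..{UB[ub_name]}")
    return kind, text
```

Because the size constraint counts characters, a UTF8String of 64 two-octet characters (128 content octets) is still within ub-common-name, while 65 ASCII characters are not.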
