RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 8410, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure", August 2018

Source of RFC: curdle (sec)

Errata ID: 5696
Status: Reported
Type: Technical

Reported By: Lijun Liao
Date Reported: 2019-04-17

Section 5 says:

   If the keyUsage extension is present in a certification authority
   certificate that indicates id-Ed25519 or id-Ed448, then the keyUsage
   extension MUST contain one or more of the following values:

          nonRepudiation;
          digitalSignature;
          keyCertSign; and
          cRLSign.

It should say:

   If the keyUsage extension is present in a certification authority
   certificate that indicates id-Ed25519 or id-Ed448, then the keyUsage
   extension MUST contain keyCertSign, and zero, one or more of the
   following values:

          nonRepudiation;
          digitalSignature; and
          cRLSign.

Notes:

The usage keyCertSign must be set in a CA certificate.

Report New Errata