RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 7935, "The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure", August 2016

Source of RFC: sidr (rtg)

Errata ID: 5737
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Alberto Leiva Popper
Date Reported: 2019-05-24
Rejected by: Alvaro Retana
Date Rejected: 2019-07-18

Section 3.1 says:

algorithm (which is an AlgorithmIdentifier type):
   The object identifier for RSA PKCS #1 v1.5 with SHA-256 MUST be
   used in the algorithm field, as specified in Section 5 of
   [RFC4055].  The value for the associated parameters from that
   clause MUST also be used for the parameters field.

It should say:

algorithm (which is an AlgorithmIdentifier type):
   The object identifier for RSA (rsaEncryption) MUST be used for the
   algorithm field, as specified in Section 3.2 of [RFC3370]. The value
   for the associated parameters from that clause MUST also be used for
   the parameters field.

Notes:

The field described in the paragraph belongs to a public key. The way I understand it, particularly due to the inclusion of a digest, "RSA PKCS #1 v1.5 with SHA-256" (sha256WithRSAEncryption) is not really a public key algorithm identifier; it's a signature algorithm identifier.

(Courtesy of Russ Housley) rsaEncryption also allows the public key to be used with PKCS#1 v1.5, RSASSA-PSS, and RSAES-OAEP.

All existing RPKI readers and writers that I've seen, as well as the global RPKI repository certificates themselves, currently use rsaEncryption as the public key algorithm of subjectPublicKeyInfo. Therefore, this change should also reflect existing practice.
--VERIFIER NOTES--
Any changes to normative statements require WG consensus. In this case, rfc7935 has been updated twice. Discussion should happen in the sidrops WG.

Report New Errata