RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 6 records.

Status: Verified (1)

RFC 4985, "Internet X.509 Public Key Infrastructure Subject Alternative Name for Expression of Service Name", August 2007

Source of RFC: pkix (sec)

Errata ID: 2520

Status: Verified
Type: Technical

Reported By: Stefan Santesson
Date Reported: 2010-09-14
Verifier Name: Tim Polk
Date Verified: 2011-03-09

Section 2 says:

 Name
    The DNS domain name of the domain where the specified service
    is located.

It should say:

Name
    A DNS domain name, representing a domain for which the certificate
    issuer has asserted that the certified subject is a legitimate
    provider of the identified service.

Notes:

The current text is ambiguous compared with the defined meaning of this name form given in the RFC.

The definition of this component is given in the overall definition as:

"The content of the components of this name form MUST be consistent
with the corresponding definition of these components in an SRV RR
according to RFC 2782 [N3]."

And later in the same section:

"The purpose of the SRVName is limited to authorization of
service provision within a domain."

The changed text makes it clear that the domain is the domain where the certified host is a legitimate service provider, which may or may not be the domain where the same host is located. Thus the changed text harmonize with the rest of the document.

Status: Held for Document Update (5)

RFC 4985, "Internet X.509 Public Key Infrastructure Subject Alternative Name for Expression of Service Name", August 2007

Source of RFC: pkix (sec)

Errata ID: 2396

Status: Held for Document Update
Type: Editorial

Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-29

Section 5 says:

The second paragraph of Section 5 (on page 6 of RFC 4985) says:

   When X.509 certificates enhanced with the name form specified in this
   standard is used to enhance authentication of service discovery based
   on an SRV RR query to a DNS server, all security considerations of
   RFC 2782 applies.



It should say:

   When X.509 certificates enhanced with the name form specified in this
|  standard are used to enhance authentication of service discovery
   based on an SRV RR query to a DNS server, all security considerations
   of RFC 2782 applies.

Errata ID: 2397

Status: Held for Document Update
Type: Editorial

Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-29

Section 2 says:

Within Section 2, the 3rd-to-last paragraph on page 3 says:

   Even though this name form is based on the service resource record
   (SRV RR) definition in RFC 2782 [N3] and may be used to enhance
   subsequent authentication of DNS-based service discovery, this
   standard does not define any new conditions or requirements regarding
|  use of SRV RR for service discovery or where and when such use is
   appropriate.
              ^^

It should say:

It should say:

   Even though this name form is based on the service resource record
   (SRV RR) definition in RFC 2782 [N3] and may be used to enhance
   subsequent authentication of DNS-based service discovery, this
   standard does not define any new conditions or requirements regarding
|  the use of SRV RRs for service discovery or where and when such use
   ^^^^           ^^^
   is appropriate.

Errata ID: 2399

Status: Held for Document Update
Type: Editorial

Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-29

Section 1 says:

The last paragraph of Section 1, on page 2 of RFC 4985, says:

   v
|  Current dNSName GeneralName Subject Alternative name form only
   provides for DNS host names to be expressed in "preferred name
   syntax", as specified by RFC 1034 [N4].  [...]


It should say:

It should say:

   vvvvv
|  The current dNSName GeneralName Subject Alternative name form only
   provides for DNS host names to be expressed in "preferred name
   syntax", as specified by RFC 1034 [N4].  [...]

Errata ID: 1012

Status: Held for Document Update
Type: Editorial

Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-29

Section 1 says:

RFC 4985 repeatedly uses inprecise terms like "domain name",
"DNS domain name", or even merely the pattern "host.example.com"
(in Section 4), in places where preferably the established precise
term "fully qualified domain name" (FQDN) should have been used.

Errata ID: 2395

Status: Held for Document Update
Type: Editorial

Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-29

Section A.2 says:

  -- In the GeneralName definition using the 1993 ASN.1 syntax


It should say:


  -- The GeneralName definition using the 1993 ASN.1 syntax


Report New Errata



Search RFCs
Advanced Search
×