RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 3 records.

Status: Verified (1)

RFC 6962, "Certificate Transparency", June 2013

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 3686

Status: Verified
Type: Technical

Reported By: Eran Messeri
Date Reported: 2013-07-26
Verifier Name: Stephen Farrell
Date Verified: 2014-07-03

Section 4.2 says:

chain:  An array of base64-encoded Precertificates.  The first
         element is the end-entity certificate; the second chains to the
         first and so on to the last, which is either the root
         certificate or a certificate that chains to a known root
         certificate.

It should say:

chain:  An array of base64-encoded Precertificate and certificates. 
         The first element is the end-entity precertificate; the second
         chains to the first and so on to the last, which is either the
         root certificate or a certificate that chains to a known root
         certificate. Only the first element in the array may be
         a precertificate.

Notes:

The current description of Add PreCertChain implies the array may consist of multiple Precertificates. In practice it only makes sense for the first element to be a Precertificate, the following elements should be proper certificates.

Status: Reported (2)

RFC 6962, "Certificate Transparency", June 2013

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 4204

Status: Reported
Type: Technical

Reported By: Paul Hadfield
Date Reported: 2014-12-18

Section 3.1 says:

   "precertificate_chain" is a chain of additional certificates required
   to verify the Precertificate submission.  The first certificate MAY
   be a valid Precertificate Signing Certificate and MUST certify the
   first certificate.  Each following certificate MUST directly certify
   the one preceding it.  The final certificate MUST be a root
   certificate accepted by the log.

It should say:

   "precertificate_chain" is a chain of additional certificates required
   to verify the Precertificate submission.  The first certificate MAY
   be a valid Precertificate Signing Certificate and MUST certify the
   Precertificate.  Each following certificate MUST directly certify
   the one preceding it.  The final certificate MUST be a root
   certificate accepted by the log.

Notes:

It seems to be a cut and paste error that affects the meaning.

Errata ID: 4286

Status: Reported
Type: Editorial

Reported By: Ben Laurie
Date Reported: 2015-03-04

Section 3 says:

When a valid certificate is submitted to a log, the log MUST
immediately return a Signed Certificate Timestamp (SCT).

It should say:

When a valid certificate or Precertificate is submitted to a log, the
log MUST immediately return a Signed Certificate Timestamp (SCT).

Report New Errata