errata logo graphic

Found 4 records.

Status: Verified (2)

RFC4055, "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", June 2005

Source of RFC: pkix (sec)

Errata ID: 1468

Status: Verified
Type: Editorial

Reported By: Sean Turner
Date Reported: 2008-07-09
Verifier Name: Tim Polk
Date Verified: 2008-11-19

Section 3 says:

   CAs that issue certificates with the id-RSASSA-PSS algorithm
   identifier SHOULD require the presence of parameters in the
   publicKeyAlgorithms field if the cA boolean flag is set in the basic
   constraints certificate extension.  CAs MAY require that the
   parameters be present in the publicKeyAlgorithms field for end-entity
   certificates.

It should say:

   CAs that issue certificates with the id-RSASSA-PSS algorithm 
   identifier SHOULD require the presence of parameters in the 
   subjectPublicKeyInfo algorithm field if the cA boolean flag is set 
   in the basic constraints certificate extension.  CAs MAY require 
   that the parameters be present in the subjectPublicKeyInfo algorithm 
   field for end-entity certificates. 

Notes:

The correct name of the field is "subjectPublicKeyInfo algorithm field" as opposed to "publicKeyAlgorithms field". Note that this change is also included in the draft-ietf-pkix-rfc4055-update ID.


Errata ID: 1676

Status: Verified
Type: Editorial

Reported By: Alfred Hoenes
Date Reported: 2009-02-02
Verifier Name: Sean Turner
Date Verified: 2010-04-19

Section 3.1, 4.1 says:

a)  Section 3.1, explanation of maskGenAlgorithm, last paragraph
    (2nd paragraph on page 9)

b)  Section 4.1, explanation of maskGenFunc, last paragraph
    (2nd paragraph on page 11)
 
both say:

         Although mfg1SHA1Identifier is defined as the default value for
         this field, implementations MUST accept both the default value
         encoding (i.e., an absent field) and mfg1SHA1Identifier to be
         explicitly present in the encoding.

It should say:

both a) and b) should say:

         Although mgf1SHA1Identifier is defined as the default value for
         this field, implementations MUST accept both the default value
         encoding (i.e., an absent field) and mgf1SHA1Identifier to be
         explicitly present in the encoding.

Notes:

Rationale: 4 instances of the same character twister:

mfg1SHA1Identifier
--- ^^
mgf1SHA1Identifier

Note: "MGF" is the abbreviation of "Mask Generation Function".


Status: Held for Document Update (2)

RFC4055, "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", June 2005

Source of RFC: pkix (sec)

Errata ID: 1677

Status: Held for Document Update
Type: Editorial

Reported By: Alfred Hoenes
Date Reported: 2009-02-02
Held for Document Update by: Tim Polk

Section 6, pg. 18 says:

      rSASSA-PSS-SHA512-Identifier  AlgorithmIdentifier  ::=  {
                              algorithm id-RSASSA-PSS,
|                             parameters rSSASSA-PSS-SHA512-params }
                                         ^^^^
      vvvv
|     rSSASSA-PSS-SHA512-params RSASSA-PSS-params ::= {
                              hashAlgorithm sha512Identifier,
                              maskGenAlgorithm mgf1SHA512Identifier,
                              saltLength 20,
                              trailerField 1  }

It should say:

      rSASSA-PSS-SHA512-Identifier  AlgorithmIdentifier  ::=  {
                              algorithm id-RSASSA-PSS,
|                             parameters rSASSA-PSS-SHA512-params }
                                         ^^^
      vvv
|     rSASSA-PSS-SHA512-params RSASSA-PSS-params ::= {
                              hashAlgorithm sha512Identifier,
                              maskGenAlgorithm mgf1SHA512Identifier,
                              saltLength 20,
                              trailerField 1  }

Notes:

repeated Typo; s/rSSA/rSA/


Errata ID: 2724

Status: Held for Document Update
Type: Editorial

Reported By: Sean Turner
Date Reported: 2011-02-16
Held for Document Update by: Tim Polk

Section 2.1 says:

  id-sha224  OBJECT IDENTIFIER  ::=  {{ joint-iso-itu-t(2)
                            country(16) us(840) organization(1) gov(101)
                            csor(3) nistalgorithm(4) hashalgs(2) 4 }

It should say:

  id-sha224  OBJECT IDENTIFIER  ::=  { joint-iso-itu-t(2)
                            country(16) us(840) organization(1) gov(101)
                            csor(3) nistalgorithm(4) hashalgs(2) 4 }

Notes:

There's an extra "{". This is incorrect ASN.1. I marked it as editorial because the ASN.1 module does not contain this error.


Report New Errata