errata logo graphic

Found 1 record.

Status: Verified (1)

RFC6489, "Certification Authority (CA) Key Rollover in the Resource Public Key Infrastructure (RPKI)", February 2012

Source of RFC: sidr (rtg)

Errata ID: 3756

Status: Verified
Type: Technical

Reported By: David Mandelberg
Date Reported: 2013-10-16
Verifier Name: Stewart Bryant
Date Verified: 2013-10-30

Section 2 says:

         This
         request MUST include the same SIA extension that is present in
         the CURRENT CA certificate.

It should say:

The AccessDescriptions with accessMethods of id-ad-caRepository in the
request's SIA extension MUST be the same as the AccessDescriptions with
accessMethods of id-ad-caRepository in the CURRENT CA certificate's SIA
extension.

Notes:

An RFC6487-compliant CA certificate's SIA extension has AccessDescriptions for both its repository (id-ad-caRepository) and its manifest (id-ad-rpkiManifest). Section 2 of RFC6489 also states, "While the 'current' and 'new' CA instances share a single repository publication point, each CA has its own CRL and its own manifest." This indicates that only the id-ad-caRepository AccessDescriptions should be identical, not the id-ad-rpkiManifest AccessDescriptions.


Report New Errata