Found 6 records.

Status: Verified (3)

RFC6844, "DNS Certification Authority Authorization (CAA) Resource Record", January 2013

Source of RFC: pkix (sec)

Errata ID: 3547

Status: Verified
Type: Editorial

Reported By: Sean Turner
Date Reported: 2013-03-15
Verifier Name: Stephen Farrell
Date Verified: 2013-03-16

Section s7.2 says:

auth         Reserved                [HB2011]
path         Reserved                [HB2011]
policy       Reserved                [HB2011]

It should say:

auth         Reserved                [RFC6844]
path         Reserved                [RFC6844]
policy       Reserved                [RFC6844]

Notes:

Better to use the datatracker history to find the values than the expired drafts.


Errata ID: 3528

Status: Verified
Type: Editorial

Reported By: Sean Turner
Date Reported: 2013-03-10
Verifier Name: Stephen Farrell
Date Verified: 2013-03-16

Section s7.3 says:

Reserved>

It should say:

Reserved

Notes:

The additional ">" is unnecessary.


Errata ID: 3532

Status: Verified
Type: Editorial

Reported By: Sean Turner
Date Reported: 2013-03-10
Verifier Name: Stephen Farrell
Date Verified: 2013-03-16

Section s7.3 says:

1-7          Reserved                 [RFC6844]

It should say:

1-7          Unassigned              [RFC6844]

Notes:

"Unassigned" is better than Reserved.


Status: Held for Document Update (2)

Errata ID: 4062

Status: Held for Document Update
Type: Technical

Reported By: Evan Hunt
Date Reported: 2014-07-24
Held for Document Update by: Kathleen Moriarty
Date Held: 2014-09-03

Section 5.1.1 says:

Value:  Is the <character-string> encoding of the value field as
specified in [RFC1035], Section 5.1.

It should say:

Value:  The value field, expressed as a contiguous set of characters
without interior spaces, or as a quoted string.  See the
<character-string> format specified in [RFC1035], Section 5.1,
but note that the value field contains no length byte and is not
limited to 255 characters.

Notes:

<character-string> is defined in RFC 1035 as being limited to 255 characters
preceded by a length byte. Saying the field is encoded as a <character-string>
creates ambiguity as to whether the value field is intended to be size-limited.

RFC author agreed that it was okay to make this more explicit with the proposed text.


Errata ID: 4070

Status: Held for Document Update
Type: Editorial

Reported By: JINMEI Tatuya
Date Reported: 2014-08-05
Held for Document Update by: Kathleen Moriarty
Date Held: 2014-09-04

Section 3 says:

   $ORIGIN example.com
   .       CAA 0 issue "ca.example.net"

It should say:

   $ORIGIN example.com.
           CAA 0 issue "ca.example.net"

Notes:

The original text is obviously incorrect (or at least something not really intended) in that the owner name is absolute. It just doesn't make sense to use $ORIGIN if we use an absolute owner name for the actual RR. The "corrected text" is one representation of what I guess the author really intended.

There are other instances of this same kind of error in this section, but I don't bother to list all of them as it should be obvious and the sense of the "fix" should be the same.

From the verification of the errata:
The errata is correct as reported with the following caveat: some implementations of DNS presentation format assume all $ORIGIN statements are Fully Qualified Domain Names, but others do not, and those will take the domain name and append the current origin to it. Thus the trailing dot removes any ambiguity that the name specified is an FQDN.


Status: Rejected (1)

Errata ID: 4061

Status: Rejected
Type: Technical

Reported By: Evan Hunt
Date Reported: 2014-07-24
Rejected by: Kathleen Moriarty
Date Rejected: 2014-09-03

Section 5.1 says:

Tag values SHOULD NOT contain any other characters.

It should say:

Tag values MUST NOT contain any other characters.

Notes:

Since the text representation of the tag field is unquoted, spaces and other whitespace must be explicitly excluded. Otherwise, it is possible to create a CAA record whose text representation cannot be parsed.

--VERIFIER NOTES--
This really gets down to MUST/SHOULD theology and whether you consider
the zone file syntax at the same level of conformance as DNS protocol.

The author believes SHOULD is correct here. The protocol on the wire will work
just fine if someone breaks this advice.

Yes, it might well break some zone file parsers. But those aren't on
the wire and that type of incompatibility is exactly what I would
expect from violating a SHOULD.

Code has to work if someone creates a RR with a non-conformant label,
therefore a MUST does not save any work. And the only circumstance in
which the editor can imagine someone using it would be where they wanted a
label that could not be inserted through normal zone files.

Phil Hallam-Baker certainly doesn't want people writing parsers to strip out records
with non-conformant labels. So, stick with SHOULD.
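
Added example (not part of RFC 6844 or of any erratum above): a minimal parser for the CAA RDATA wire layout of RFC 6844 Section 5.1, showing the two points raised in errata 4062 and 4061: the value has no length octet and may exceed 255 octets, and a tag outside the recommended character set still parses on the wire and is flagged rather than dropped. Function names and sample values are constructed for illustration.

```python
import string

# Characters RFC 6844 Section 5.1 says tags MAY contain; anything else is "SHOULD NOT".
RECOMMENDED_TAG_CHARS = set(string.ascii_letters + string.digits)


def encode_caa_rdata(flags, tag, value):
    """Build CAA RDATA: flags octet, tag-length octet, tag, then the raw value."""
    tag_bytes = tag.encode("ascii")
    if not 1 <= len(tag_bytes) <= 255:
        raise ValueError("tag length must be at least 1 and fit in one octet")
    # No length octet precedes the value; it simply fills the rest of the RDATA.
    return bytes([flags, len(tag_bytes)]) + tag_bytes + value.encode("ascii")


def parse_caa_rdata(rdata):
    """Parse CAA RDATA without rejecting tags that break the SHOULD NOT advice."""
    if len(rdata) < 2:
        raise ValueError("truncated CAA RDATA")
    flags, tag_len = rdata[0], rdata[1]
    if tag_len < 1 or 2 + tag_len > len(rdata):
        raise ValueError("tag length is zero or runs past the end of the RDATA")
    # latin-1 maps every octet to one character, so odd tags never raise here.
    tag = rdata[2:2 + tag_len].decode("latin-1")
    return {
        "critical": bool(flags & 0x80),   # issuer critical flag (bit 0, value 128)
        "tag": tag,
        "value": rdata[2 + tag_len:],     # bounded by RDLENGTH, not by 255 octets
        "tag_conformant": set(tag) <= RECOMMENDED_TAG_CHARS,
    }


if __name__ == "__main__":
    # Constructed sample: a value longer than a <character-string> could hold.
    long_value = "ca.example.net; x=" + "a" * 300
    rec = parse_caa_rdata(encode_caa_rdata(0, "issue", long_value))
    print(rec["tag"], len(rec["value"]), rec["tag_conformant"])

    # Constructed sample: a tag containing a space, valid on the wire only.
    odd = parse_caa_rdata(encode_caa_rdata(128, "is sue", "ca.example.net"))
    print(repr(odd["tag"]), odd["critical"], odd["tag_conformant"])
```

A consumer can use `tag_conformant` to decide how to render the record in presentation format while still honouring the critical flag on the wire.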

