errata logo graphic

Found 3 records.

Status: Reported (2)

RFC6931, "Additional XML Security Uniform Resource Identifiers (URIs)", April 2013

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 3965

Status: Reported
Type: Technical

Reported By: Axel Puhlmann
Date Reported: 2014-04-15

Section 4.2 and 4.1 says:

   2006/12/xmlc12n11#                  [CANON11]  Canonicalization
   2006/12/xmlc14n11#WithComments      [CANON11]  Canonicalization

It should say:

   2006/12/xmlc14n11#                  [CANON11]  Canonicalization
   2006/12/xmlc14n11#WithComments      [CANON11]  Canonicalization

Notes:

[CANON11] referencing to <http://www.w3.org/TR/2008/REC-xml-c14n11-20080502/>
only talks about c14n and not c12n.

If this is not a flaw but done purposely, there should be a not about it.

I could not find the original definitions for xmlc12n11 and xmlc14n11.
They are not in the referenced document.
(And google only shows copies of this rfc.)

For stability reasons it may be better to not change/correct this, as it may be already in use.
So a note about this discrepance may be appropriate. Or a reference to the document defining those uris.


Errata ID: 4004

Status: Reported
Type: Technical

Reported By: Frederick Hirsch
Date Reported: 2014-05-29

Section 2.3.11 says:

2.3.11.  RSA-SHA224

Identifier:
     http://www.w3.org/2007/05/xmldsig-more#rsa-sha224

  This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described
  in Section 2.3.1, but with the ASN.1 BER SHA-224 algorithm designator
  prefix.  An example of use is

  <SignatureMethod
     Algorithm="http://www.w3.org/2007/05/xmldsig-more#rsa-sha224" />

  Because it takes about the same effort to calculate a SHA-224 message
  digest as it does a SHA-256 message digest, it is suggested that
  RSA-SHA256 be used in preference to RSA-SHA224 where possible.

It should say:

2.3.11.  RSA-SHA224

Identifier:
     http://www.w3.org/2001/04/xmldsig-more#rsa-sha224

  This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described
  in Section 2.3.1, but with the ASN.1 BER SHA-224 algorithm designator
  prefix.  An example of use is

  <SignatureMethod
     Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224" />

  Because it takes about the same effort to calculate a SHA-224 message
  digest as it does a SHA-256 message digest, it is suggested that
  RSA-SHA256 be used in preference to RSA-SHA224 where possible.

Notes:

RFC 6931 should be corrected to use the same identifier for RSA-SHA224 as is used in the W3C Recommendation "XML Signature Syntax and Processing Version 1.1? normative section 6.4.2 ( http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/#sec-PKCS1 ).

This same identifier is also specified in the W3C Note "XML Security Algorithm Cross-Reference? section 3.2 ( http://www.w3.org/TR/2013/NOTE-xmlsec-algorithms-20130411/#RSA )

At least two shipping code implementations use this value from the W3C Recommendation ; to enable interoperability, avoid confusion and be consistent with the published Recommendation RFC 6931 should be updated to be consistent.

Please note that the revision affects both the identifier URL and the Algorithm attribute value in the 2.3.11 section which is why the entire section is given in the Original and Corrected text above.


Status: Held for Document Update (1)

RFC6931, "Additional XML Security Uniform Resource Identifiers (URIs)", April 2013

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 3597

Status: Held for Document Update
Type: Editorial

Reported By: Annie Yousar
Date Reported: 2013-04-18
Held for Document Update by: Sean Turner

Section References says:

[XMLDSIG11]   Eastlake, D., Reagle, J., Solo, D., Hirsch, F.,
              Nystrom, M., Roessler, T., and K. Yiu, "XML Signature
              Syntax and Processing Version 1.1", W3C Proposed
              Recommendation, 24 January 2013,
              <http://www.w3.org/TR/2013/PR-xmldsig-core1-20130124/>.


It should say:

[XMLDSIG11]   Eastlake, D., Reagle, J., Solo, D., Hirsch, F.,
              Nystrom, M., Roessler, T., and K. Yiu, "XML Signature
              Syntax and Processing Version 1.1", W3C Recommendation,
              11 April 2013, <http://www.w3.org/TR/xmldsig-core1/>.

Notes:

A normative reference should point to the final and not to the pre version even if there are differences.


Report New Errata