RFC Errata
RFC 3281, "An Internet Attribute Certificate Profile for Authorization", April 2002
Note: This RFC has been obsoleted by RFC 5755
Source of RFC: pkix (sec)See Also: RFC 3281 w/ inline errata
Errata ID: 1479
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Kurt Zeilenga
Date Reported: 2008-07-30
Verifier Name: Tim Polk
Date Verified: 2008-11-20
Section 4.4.6 says:
SecurityCategory ::= SEQUENCE { type [0] IMPLICIT OBJECT IDENTIFIER, value [1] ANY DEFINED BY type }
It should say:
SecurityCategory ::= SEQUENCE { type [0] OBJECT IDENTIFIER, value [1] EXPLICIT ANY DEFINED BY type }
Notes:
It appears an error in the definition of SecurityCategory was introduced when it was taken from a module with EXPLICIT TAG default into a module with IMPLICIT TAG default. In particular, the tag on the value MUST be EXPLICIT due to the ANY. Otherwise the tag of the any would replace the value's tag.
Note that extra IMPLICIT in the original text is merely extraneous (whereas the missing EXPLICIT is quite problematic).
It is also noted that clearance was NOT defined in X.501(1993), but X.500(1997). However, X.501(2005) may be the best reference for clearance.