RFC Errata
RFC 5280, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", May 2008
Note: This RFC has been updated by RFC 6818, RFC 8398, RFC 8399, RFC 9549
Source of RFC: pkix (sec)
Errata ID: 1774
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Takashi Ito
Date Reported: 2009-05-04
Rejected by: Pasi Eronen
Date Rejected: 2009-05-27
Section 6.3 says:
For each distribution point (DP) in the certificate CRL distribution
points extension, for each corresponding CRL in the local CRL cache,
while ((reasons_mask is not all-reasons) and (cert_status is
UNREVOKED)) perform the following:
(a) Update the local CRL cache by obtaining a complete CRL, a
delta CRL, or both, as required:
It should say:
For each distribution point (DP) in the certificate CRL distribution
points extension, for each corresponding CRL in the local CRL cache,
while ((reasons_mask is not all-reasons) and (cert_status is
UNREVOKED)) perform the following:
(l) Set the reasons_mask state variable to the union of
its previous value and the value of the interim_reasons_mask
state variable.
(a) Update the local CRL cache by obtaining a complete CRL, a
delta CRL, or both, as required:
Notes:
This was reported in 2002 for RFC 3280, which this document obsoletes. The correction did not make it in to RFC 5280, and therefore applies to RFC 5280 as well.
--VERIFIER NOTES--
The correction already appears as step (l), the last step in the loop.