RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 4985, "Internet X.509 Public Key Infrastructure Subject Alternative Name for Expression of Service Name", August 2007

Source of RFC: pkix (sec)
See Also: RFC 4985 w/ inline errata

Errata ID: 2520
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Stefan Santesson
Date Reported: 2010-09-14
Verifier Name: Tim Polk
Date Verified: 2011-03-09

Section 2 says:

    The DNS domain name of the domain where the specified service
    is located.

It should say:

    A DNS domain name, representing a domain for which the certificate
    issuer has asserted that the certified subject is a legitimate
    provider of the identified service.


The current text is ambiguous compared with the defined meaning of this name form given in the RFC.

The definition of this component is given in the overall definition as:

"The content of the components of this name form MUST be consistent
with the corresponding definition of these components in an SRV RR
according to RFC 2782 [N3]."

And later in the same section:

"The purpose of the SRVName is limited to authorization of
service provision within a domain."

The changed text makes it clear that the domain is the domain where the certified host is a legitimate service provider, which may or may not be the domain where the same host is located. Thus the changed text harmonize with the rest of the document.

Report New Errata

Advanced Search