RFC Errata
RFC 6487, "A Profile for X.509 PKIX Resource Certificates", February 2012
Source of RFC: sidr (rtg)
Errata ID: 3174
Status: Rejected
Type: Technical
Publication Format(s): TEXT
Reported By: David Mandelberg
Date Reported: 2012-04-03
Rejected by: Stewart Bryant
Date Rejected: 2013-05-06
Section 5 says:
An RPKI CA MUST include the two extensions, Authority Key Identifier and CRL Number, in every CRL that it issues. RPs MUST be prepared to process CRLs with these extensions. No other CRL extensions are allowed.
It should say:
An RPKI CA MUST include the two extensions, Authority Key Identifier and CRL Number, in every CRL that it issues. The Authority Key Identifier extension MUST follow the same restrictions as in Section 4.8.3 above. RPs MUST be prepared to process CRLs with these extensions. No other CRL extensions are allowed.
Notes:
RFC 6487 doesn't specify any restrictions on the format of the AKI extension in CRLs.
--VERIFIER NOTES--
The discussion on the SIDR list concluded that this errata should be rejected, although there appears to be an issue that may need addressing through a new errata or a revision to the RFC text.