RFC Errata
RFC 6487, "A Profile for X.509 PKIX Resource Certificates", February 2012
Note: This RFC has been updated by RFC 7318, RFC 8209
Source of RFC: sidr (rtg)See Also: RFC 6487 w/ inline errata
Errata ID: 3205
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: David Mandelberg
Date Reported: 2012-04-27
Verifier Name: Stewart Bryant
Date Verified: 2013-09-19
Section 5 says:
An RPKI CA MUST include the two extensions, Authority Key Identifier and CRL Number, in every CRL that it issues. RPs MUST be prepared to process CRLs with these extensions. No other CRL extensions are allowed.
It should say:
An RPKI CA MUST include the two extensions, Authority Key Identifier and CRL Number, in every CRL that it issues. RPs MUST be prepared to process CRLs with these extensions. No other CRL extensions are allowed. The extensions mentioned above MUST NOT appear more than once each.
Notes:
The clarification:
"The extensions mentioned above MUST NOT appear more than once each."
is added.