RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 2560, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", June 1999

Note: This RFC has been obsoleted by RFC 6960

Source of RFC: pkix (sec)

Errata ID: 3251
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT

Reported By: Daniel Barclay
Date Reported: 2012-06-11
Held for Document Update by: Sean Turner

Section 4.2.2.2 says:

...  They MUST reject the response if the certificate required to validate
the signature on the response fails to meet at least one of the following
criteria:

   1. ...
   2. ...
   3. ...

It should say:

...  They MUST reject the response if it is not the case that the
certificate required to validate the signature on the response meets at 
least one of the following criteria:

   1. ...
   2. ...
   3. ...

Notes:

The "fails to meet at least one ... " part of the original wording is ambiguous.

It can sound like the grouping is "(fails to meet) at least one ..." rather than the (apparently) intended "fails to (meet at least one)".

Note: The submitted corrected text needs further improvement. I think it eliminates the ambiguity, but it currently is harder to follow.

Report New Errata