RFC Errata
RFC 2560, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", June 1999
Note: This RFC has been obsoleted by RFC 6960
Note: This RFC has been updated by RFC 6277
Source of RFC: pkix (sec)
Errata ID: 3272
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Matthew Moore
Date Reported: 2012-06-29
Rejected by: Sean Turner
Date Rejected: 2012-07-02
Section 4.1.1 says:
OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest, optionalSignature [0] EXPLICIT Signature OPTIONAL } TBSRequest ::= SEQUENCE { version [0] EXPLICIT Version DEFAULT v1, requestorName [1] EXPLICIT GeneralName OPTIONAL, requestList SEQUENCE OF Request, requestExtensions [2] EXPLICIT Extensions OPTIONAL } Signature ::= SEQUENCE { signatureAlgorithm AlgorithmIdentifier, signature BIT STRING, certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL} Version ::= INTEGER { v1(0) } Request ::= SEQUENCE { reqCert CertID, singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } CertID ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING, -- Hash of Issuer's DN issuerKeyHash OCTET STRING, -- Hash of Issuers public key serialNumber CertificateSerialNumber }
It should say:
... Version ::= INTEGER { v1(0) } GeneralName ::= ???? ...
Notes:
The format of the GeneralName in the request syntax is never detailed.
--VERIFIER NOTES--
GeneralName is imported in the ASN.1 module from the PKIX1Explicit88 module.