RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 2560, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", June 1999

Note: This RFC has been obsoleted by RFC 6960

Source of RFC: pkix (sec)

Errata ID: 3272
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Matthew Moore
Date Reported: 2012-06-29
Rejected by: Sean Turner
Date Rejected: 2012-07-02

Section 4.1.1 says:

   OCSPRequest     ::=     SEQUENCE {
       tbsRequest                  TBSRequest,
       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }

   TBSRequest      ::=     SEQUENCE {
       version             [0]     EXPLICIT Version DEFAULT v1,
       requestorName       [1]     EXPLICIT GeneralName OPTIONAL,
       requestList                 SEQUENCE OF Request,
       requestExtensions   [2]     EXPLICIT Extensions OPTIONAL }

   Signature       ::=     SEQUENCE {
       signatureAlgorithm      AlgorithmIdentifier,
       signature               BIT STRING,
       certs               [0] EXPLICIT SEQUENCE OF Certificate 

   Version         ::=             INTEGER  {  v1(0) }

   Request         ::=     SEQUENCE {
       reqCert                     CertID,
       singleRequestExtensions     [0] EXPLICIT Extensions OPTIONAL }

   CertID          ::=     SEQUENCE {
       hashAlgorithm       AlgorithmIdentifier,
       issuerNameHash      OCTET STRING, -- Hash of Issuer's DN
       issuerKeyHash       OCTET STRING, -- Hash of Issuers public key
       serialNumber        CertificateSerialNumber }

It should say:

   Version         ::=             INTEGER  {  v1(0) }

   GeneralName     ::=      ????


The format of the GeneralName in the request syntax is never detailed.
GeneralName is imported in the ASN.1 module from the PKIX1Explicit88 module.

Report New Errata