RFC Errata
RFC 2560, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", June 1999
Note: This RFC has been obsoleted by RFC 6960
Note: This RFC has been updated by RFC 6277
Source of RFC: pkix (sec)
See Also: RFC 2560 w/ inline errata
Errata ID: 3417
Status: Verified
Type: Editorial
Publication Format(s): TEXT
Reported By: John Soltes
Date Reported: 2012-11-26
Verifier Name: Sean Turner
Date Verified: 2012-11-26
Section 4.2.2.2 says:
Systems or applications that rely on OCSP responses MUST be capable of detecting and enforcing use of the id-ad-ocspSigning value as described above.

and

3. Includes a value of id-ad-ocspSigning in an ExtendedKeyUsage
It should say:
Systems or applications that rely on OCSP responses MUST be capable of detecting and enforcing use of the id-kp-OCSPSigning value as described above.

and

3. Includes a value of id-kp-ocspSigning in an ExtendedKeyUsage
Notes:
The first paragraph specifies that an "id-kp-OCSPSigning" value be included, and it then defines that value as "id-kp-OCSPSigning OBJECT IDENTIFIER ::= {id-kp 9}", yet the second paragraph and the third listed alternative specify the use of an "id-ad-ocspSigning" value, which is not defined.
Also, the double quote mark at the end of the third listed alternative should be removed.
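A relying-party check for the value the corrected text names, id-kp-OCSPSigning ({id-kp 9}), added here as an example that is not part of the erratum or of RFC 2560. It takes the DER-encoded ExtendedKeyUsage value from a responder certificate and fails closed when the purpose is absent or the encoding is malformed. The function names are hypothetical and the sample bytes are constructed.

```python
# Added example: helper names are hypothetical and the sample DER is constructed.
# id-kp-OCSPSigning ::= {id-kp 9} = 1.3.6.1.5.5.7.3.9; these are its DER content octets.
ID_KP_OCSP_SIGNING = bytes.fromhex("2b06010505070309")


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV overruns buffer")
    return tag, buf[pos:pos + length], pos + length


def eku_purposes(eku_der):
    """Return the content octets of each KeyPurposeId in an ExtendedKeyUsage value."""
    tag, body, end = read_tlv(eku_der, 0)
    if tag != 0x30 or end != len(eku_der):
        raise ValueError("expected exactly one SEQUENCE")
    purposes, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag != 0x06:  # every element must be an OBJECT IDENTIFIER
            raise ValueError("non-OID element in ExtendedKeyUsage")
        purposes.append(value)
    return purposes


def allows_ocsp_signing(eku_der):
    """Fail closed: an absent or unparsable EKU does not authorize the responder."""
    try:
        # DER encodes an OID in exactly one way, so comparing content octets is exact.
        return eku_der is not None and ID_KP_OCSP_SIGNING in eku_purposes(eku_der)
    except ValueError:
        return False


# Constructed sample values: serverAuth only, then serverAuth plus OCSPSigning.
SERVER_AUTH_ONLY = bytes.fromhex("300a06082b06010505070301")
WITH_OCSP_SIGNING = bytes.fromhex("301406082b0601050507030106082b06010505070309")
```

Pass `None` for `eku_der` when the certificate carries no ExtendedKeyUsage extension.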