RFC Errata



RFC 5280, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", May 2008

Note: This RFC has been updated by RFC 6818, RFC 8398, RFC 8399, RFC 9549, RFC 9598

Source of RFC: pkix (sec)

Errata ID: 3466
Status: Held for Document Update
Type: Editorial
Publication Format(s): TEXT

Reported By: Annie Yousar
Date Reported: 2013-01-18
Held for Document Update by: Sean Turner

Section 4.2.1.6 says:

   If the subjectAltName extension is present, the sequence MUST contain
   at least one entry.  Unlike the subject field, conforming CAs MUST
|  NOT issue certificates with subjectAltNames containing empty
   GeneralName fields.  For example, an rfc822Name is represented as an
   IA5String.  While an empty string is a valid IA5String, such an
   rfc822Name is not permitted by this profile. 

It should say:

   If the subjectAltName extension is present, the sequence MUST contain
   at least one entry.  Unlike the subject field, conforming CAs MUST
|  NOT issue certificates with subjectAltName extensions containing empty
   GeneralName fields.  For example, an rfc822Name is represented as an
   IA5String.  While an empty string is a valid IA5String, such an
   rfc822Name is not permitted by this profile. 

Notes:

Certificates do not have "subjectAltNames" but only "subjectAltName extensions", which is the correct wording that is thoroughly used in the document.
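
The Section 4.2.1.6 requirement quoted in this erratum can be checked mechanically. The following is an added example, not part of RFC 5280 or of the errata report: a minimal DER walk over the value of a subjectAltName extension that reports an empty sequence or an empty GeneralName. The function names and sample bytes are constructed for illustration, and treating a directoryName that wraps an empty Name as "empty" is an assumption of this sketch.

```python
# Added example; read_tlv, lint_san and the sample bytes are hypothetical names/data.
# Context tag number -> GeneralName choice (RFC 5280, section 4.2.1.6).
CHOICES = {0: "otherName", 1: "rfc822Name", 2: "dNSName", 3: "x400Address",
           4: "directoryName", 5: "ediPartyName",
           6: "uniformResourceIdentifier", 7: "iPAddress", 8: "registeredID"}


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def lint_san(der):
    """Return a list of findings; an empty list means the value passes."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single GeneralNames SEQUENCE")
    if not body:
        return ["subjectAltName extension contains no entries"]
    findings, pos, index = [], 0, 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag & 0xC0 != 0x80:
            raise ValueError("GeneralName is not context-tagged")
        name = CHOICES.get(tag & 0x1F, "unknown")
        # Assumption: directoryName is explicitly tagged, so empty means 30 00.
        if not value or (name == "directoryName" and value == b"\x30\x00"):
            findings.append(f"entry {index}: empty {name}")
        index += 1
    return findings


# Constructed samples: valid dNSName, empty rfc822Name + dNSName, empty SEQUENCE.
GOOD = bytes.fromhex("300d820b6578616d706c652e636f6d")
EMPTY_EMAIL = bytes.fromhex("300f8100820b6578616d706c652e636f6d")
NO_ENTRIES = bytes.fromhex("3000")
```

The input is the contents of the extension's extnValue OCTET STRING, not the whole certificate.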
