RFC Errata
RFC 5280, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", May 2008
Note: This RFC has been updated by RFC 6818, RFC 8398, RFC 8399, RFC 9549, RFC 9598, RFC 9608, RFC 9618
Source of RFC: pkix (sec)
Errata ID: 3986
Status: Held for Document Update
Type: Technical
Publication Format(s): TEXT
Reported By: Sandra Murphy
Date Reported: 2014-05-13
Held for Document Update by: Deb Cooley
Date Held: 2024-10-29
Section 4.1.1.3 says:
4.1.1.3. signatureValue

The signatureValue field contains a digital signature computed upon the ASN.1 DER encoded tbsCertificate. The ASN.1 DER encoded tbsCertificate is used as the input to the signature function. This signature value is encoded as a BIT STRING and included in the signature field. The details of this process are specified for each of the algorithms listed in [RFC3279], [RFC4055], and [RFC4491].
It should say:
4.1.1.3. signatureValue

The signatureValue field contains a digital signature computed upon the ASN.1 DER encoded tbsCertificate. The ASN.1 DER encoded tbsCertificate is used as the input to the signature function. The output of the signature function is encoded as a BIT STRING and included in the signatureValue field. The details of this process are specified for each of the algorithms listed in [RFC3279], [RFC4055], and [RFC4491].
Notes:
The "included in the signature field" should have been "included in the signatureValue field". A field called "signature" does exist in the 5280 structure, but it is not intended to hold the value of the result of the signature function. The sentence was reworded for word flow (and to avoid using "signature value" and "signatureValue" in the same sentence).
Verifier note: Hold for document update to prevent potential ASN.1 breaks
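The distinction this erratum draws, shown as an added example (not part of RFC 5280 or of the erratum): a minimal DER walker that separates the `signature` AlgorithmIdentifier inside tbsCertificate from the outer `signatureValue` BIT STRING. The sample bytes are constructed and truncated, not a real certificate, and the function names are hypothetical.

```python
# Added example. SAMPLE is a constructed, truncated structure, not a real certificate.

def read_tlv(buf, off):
    """Parse one definite-length DER TLV at off; return (tag, value_start, end)."""
    tag, length, pos = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def split_certificate(der):
    """Separate the three Certificate fields and the inner `signature` field."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Certificate must be a SEQUENCE")
    _, tbs_body, tbs_end = read_tlv(der, body)            # tbsCertificate
    _, _, alg_end = read_tlv(der, tbs_end)                # signatureAlgorithm
    sig_tag, sig_body, sig_end = read_tlv(der, alg_end)   # signatureValue
    if sig_tag != 0x03:
        raise ValueError("signatureValue must be a BIT STRING")
    # Inside tbsCertificate: optional [0] version, serialNumber, then `signature`.
    off = tbs_body
    if der[off] == 0xA0:
        off = read_tlv(der, off)[2]
    off = read_tlv(der, off)[2]                           # skip serialNumber
    inner_end = read_tlv(der, off)[2]
    return {
        "signed_input": der[body:tbs_end],            # DER tbsCertificate, input to the signature function
        "tbs_signature": der[off:inner_end],          # an AlgorithmIdentifier, not signature bytes
        "signatureAlgorithm": der[tbs_end:alg_end],
        "signatureValue": der[sig_body + 1:sig_end],  # BIT STRING content after the unused-bits octet
    }

def tlv(tag, content):  # encoder for the constructed sample (short lengths only)
    return bytes([tag, len(content)]) + content

ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d040302")))  # ecdsa-with-SHA256
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + ALG + tlv(0x30, b""))
SAMPLE = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + b"\xaa" * 8))  # placeholder signature bytes

if __name__ == "__main__":
    for name, value in split_certificate(SAMPLE).items():
        print(f"{name}: {value.hex()}")
```

In the output, `tbs_signature` and `signatureAlgorithm` are the same AlgorithmIdentifier bytes (RFC 5280 section 4.1.1.2 requires them to match), while only `signatureValue` carries the output of the signature function.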