RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 6485, "The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure (RPKI)", February 2012

Note: This RFC has been obsoleted by RFC 7935

Source of RFC: sidr (rtg)
See Also: RFC 6485w/ inline errata

Errata ID: 4339
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Sandra Murphy
Date Reported: 2015-04-20
Verifier Name: Alvaro Retana
Date Verified: 2015-05-21

Section 2. says:

      In a certification request, the OID appears in the PKCS #10
      signatureAlgorithm field [RFC2986] or in the Certificate Request
      Message Format (CRMF) POPOSigningKey signature field [RFC4211].

It should say:

      In a certification request, the OID appears in the PKCS #10
      signatureAlgorithm field [RFC2986] or in the Certificate Request
      Message Format (CRMF) POPOSigningKey algorithmIdentifier field 
      [RFC4211].

Notes:

This is technically a technical change, as it would technically affect implementation, but I believe in fact it is just a typo. Only a very inexperienced implementor would put the RFC6485 algorithm OID in the signature field of the POPOSigningKey.

This problem was noted in a message to the sidr list https://www.ietf.org/mail-archive/web/sidr/current/msg06587.html and supported by another message https://www.ietf.org/mail-archive/web/sidr/current/msg06649.html

At noted in the message to the sidr list, RFC4211 says that the POPOSigningKey is:

POPOSigningKey ::= SEQUENCE {
poposkInput [0] POPOSigningKeyInput OPTIONAL,
algorithmIdentifier AlgorithmIdentifier,
signature BIT STRING }

The OID mentioned in the RFC6485 text is for the algorithm identifier and so should appear in the algorithmIdentifier field, not the signature field.

Report New Errata