RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 4211, "Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)", September 2005

Note: This RFC has been updated by RFC 9045

Source of RFC: pkix (sec)
See Also: RFC 4211 w/ inline errata

Errata ID: 4797
Status: Verified
Type: Editorial
Publication Format(s) : TEXT

Reported By: Lijun Liao
Date Reported: 2016-09-08
Verifier Name: Stephen Farrell
Date Verified: 2016-09-13

Section 4.1 says:

   3.  The certificate subject places its name in the Certificate
       Template structure along with the public key.  In this case the
       poposkInput field is omitted from the POPOSigningKey structure.
       The signature field is computed over the DER-encoded certificate
       template structure.

It should say:

   3.  The certificate subject places its name in the Certificate
       Template structure along with the public key.  In this case the
       poposkInput field is omitted from the POPOSigningKey structure.
       The signature field is computed over the DER-encoded value of
       certReq

Notes:

The original text conflicts with the following text block (just several lines later).

" The fields of POPOSigningKey have the following meaning:
...

signature contains the POP value produce. If poposkInput is
present, the signature is computed over the DER-encoded value of
poposkInput. If poposkInput is absent, the signature is computed
over the DER-encoded value of certReq."

Report New Errata



Advanced Search