RFC 4055, "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", June 2005

Note: This RFC has been updated by RFC 5756

Errata ID: 5325
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Ryan Sleevi
Date Reported: 2018-04-13
Held for Document Update by: Benjamin Kaduk
Date Held: 2018-10-10

Section 4055 says:

If the keyUsage extension is present in a certificate conveys an RSA
public key with the id-RSAES-OAEP object identifier, then the
keyUsage extension MUST contain only the following values:

It should say:

If the keyUsage extension is present in a certificate that conveys an
RSA public key with the id-RSAES-OAEP object identifier, then the
keyUsage extension MUST contain only the following values:

Notes:

The certificate, rather than the keyUsage extension, conveys the id-RSAES-OAEP OID.

This was likely a typo based on the wording of the previous paragraph, "When a certificate conveys an RSA public key". This aligns the language with the paragraph earlier in this section, "If the keyUsage extension is present in an end-entity certificate that conveys an RSA public key".

Report New Errata