RFC Errata
RFC 4055, "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", June 2005
Note: This RFC has been updated by RFC 5756
Source of RFC: pkix (sec)
Errata ID: 5325
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Ryan Sleevi
Date Reported: 2018-04-13
Held for Document Update by: Benjamin Kaduk
Date Held: 2018-10-10
Section 4055 says:
If the keyUsage extension is present in a certificate conveys an RSA public key with the id-RSAES-OAEP object identifier, then the keyUsage extension MUST contain only the following values:
It should say:
If the keyUsage extension is present in a certificate that conveys an RSA public key with the id-RSAES-OAEP object identifier, then the keyUsage extension MUST contain only the following values:
Notes:
The certificate, rather than the keyUsage extension, conveys the id-RSAES-OAEP OID.
This was likely a typo based on the wording of the previous paragraph, "When a certificate conveys an RSA public key". This aligns the language with the paragraph earlier in this section, "If the keyUsage extension is present in an end-entity certificate that conveys an RSA public key".