RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 8410, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure", August 2018

Note: This RFC has been updated by RFC 9295

Source of RFC: curdle (sec)

Errata ID: 5696
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT

Reported By: Lijun Liao
Date Reported: 2019-04-17
Held for Document Update by: Roman Danyliw
Date Held: 2022-04-25

Section 5 says:

   If the keyUsage extension is present in a certification authority
   certificate that indicates id-Ed25519 or id-Ed448, then the keyUsage
   extension MUST contain one or more of the following values:

          nonRepudiation;
          digitalSignature;
          keyCertSign; and
          cRLSign.

It should say:

   If the keyUsage extension is present in a certification authority
   certificate that indicates id-Ed25519 or id-Ed448, then the keyUsage
   extension MUST contain keyCertSign, and zero, one or more of the
   following values:

          nonRepudiation;
          digitalSignature; and
          cRLSign.

Notes:

The usage keyCertSign must be set in a CA certificate.

Report New Errata



Advanced Search