RFC Errata
RFC 8410, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure", August 2018
Note: This RFC has been updated by RFC 9295
Source of RFC: curdle (sec)
Errata ID: 5696
Status: Held for Document Update
Type: Technical
Publication Format(s): TEXT
Reported By: Lijun Liao
Date Reported: 2019-04-17
Held for Document Update by: Roman Danyliw
Date Held: 2022-04-25
Section 5 says:
If the keyUsage extension is present in a certification authority certificate that indicates id-Ed25519 or id-Ed448, then the keyUsage extension MUST contain one or more of the following values: nonRepudiation; digitalSignature; keyCertSign; and cRLSign.
It should say:
If the keyUsage extension is present in a certification authority certificate that indicates id-Ed25519 or id-Ed448, then the keyUsage extension MUST contain keyCertSign, and zero, one or more of the following values: nonRepudiation; digitalSignature; and cRLSign.
Notes:
The usage keyCertSign must be set in a CA certificate.
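The difference between the two wordings, as an added example that is not part of the erratum or of RFC 8410: a Python check that decodes a keyUsage BIT STRING and applies the published and the proposed Section 5 text to a CA certificate's key usages. The function names and sample byte strings are constructed for illustration, and both checks test only what the text says the extension MUST contain, so other bits are not rejected.

```python
# Added example: not code from RFC 8410 or from the erratum.
# Named bits of KeyUsage, in bit order (RFC 5280, Section 4.2.1.3).
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]
SECTION_5_VALUES = {"nonRepudiation", "digitalSignature", "keyCertSign", "cRLSign"}


def parse_key_usage(der: bytes) -> set:
    """Decode the extension value (a DER BIT STRING) into KeyUsage names."""
    if len(der) < 3 or der[0] != 0x03 or der[1] > 0x7F or der[1] != len(der) - 2:
        raise ValueError("expected a short-form DER BIT STRING")
    unused, content = der[2], der[3:]
    if unused > 7 or (not content and unused):
        raise ValueError("invalid unused-bits count")
    if content and content[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero")
    names = set()
    for i in range(len(content) * 8 - unused):
        if content[i // 8] & (0x80 >> (i % 8)):  # bit 0 is the MSB of byte 0
            if i >= len(KEY_USAGE_BITS):
                raise ValueError("undefined KeyUsage bit %d" % i)
            names.add(KEY_USAGE_BITS[i])
    return names


def original_rule(usages: set) -> bool:
    # Section 5 as published: one or more of the four listed values.
    # Assumption: only the MUST-contain part is tested; other bits are ignored.
    return bool(usages & SECTION_5_VALUES)


def corrected_rule(usages: set) -> bool:
    # Erratum 5696 wording: keyCertSign is mandatory, the other three optional.
    return "keyCertSign" in usages


def compare(der: bytes):
    """Return (sorted usages, passes original text, passes corrected text)."""
    usages = parse_key_usage(der)
    return sorted(usages), original_rule(usages), corrected_rule(usages)


# Constructed sample keyUsage values for a CA certificate (not from real certs).
SAMPLES = {
    "digitalSignature only": bytes.fromhex("03020780"),
    "keyCertSign + cRLSign": bytes.fromhex("03020106"),
}

if __name__ == "__main__":
    for label, der in SAMPLES.items():
        print(label, compare(der))
```

The first sample is the case the erratum targets: a CA certificate asserting only digitalSignature satisfies the published wording but not the proposed one.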