RFC Errata
RFC 4210, "Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)", September 2005
Note: This RFC has been updated by RFC 6712, RFC 9480, RFC 9481
Source of RFC: pkix (sec)
Errata ID: 5731
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Lijun Liao
Date Reported: 2019-05-22
Held for Document Update by: Roman Danyliw
Date Held: 2022-04-27
Throughout the document, when it says:
N/A
It should say:
N/A
Notes:
In appendixes D.4, D.5, E.5 and E.6, the recipient field of requests and the sender field of responses are specified as "the name of the CA". It is no problem for CA which signs the CMP response.
However, as best practice, the CA's private key which is used to sign the certificates, is NOT RECOMMENDED to sign/decrypt the communication messages. In this case, another entity (private key + certificate) is used to decrypt the incoming messages and sign the outgoing ones.
The text and comment for the fields "recipient" in requests and "sender" in responses need to be corrected to the case described above. If you think the original text and comment are correct, then we need instruction on how to handle this case.