RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 5280, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", May 2008

Source of RFC: pkix (sec)

Errata ID: 5876
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT

Reported By: David Woodhouse
Date Reported: 2019-10-16
Held for Document Update by: Benjamin Kaduk
Date Held: 2019-10-20

Section 4.2.1.6 says:

   When the subjectAltName extension contains an iPAddress, the address
   MUST be stored in the octet string in "network byte order", as
   specified in [RFC791]. 

It should say:

   When the subjectAltName extension contains an IP address, the address
   MUST be stored in the iPAddress (an octet string). The address 
   MUST be stored in the octet string in "network byte order", as
   specified in [RFC791]. 

Notes:

For email addresses and domain names, this section is very prescriptive:

When the subjectAltName extension contains an Internet mail address,
the address MUST be stored in the rfc822Name.
...
When the subjectAltName extension contains a domain name system
label, the domain name MUST be stored in the dNSName…

However, for IP addresses, it's possible to interpret the current wording as saying that *if* you happen to choose the iPAddress form for an IP address, then you must represent that as big-endian. I suspect this was a poor choice of wording and the intent was to say that you MUST use the iPAddress form for an IP address.

Report New Errata