RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 7958, "DNSSEC Trust Anchor Publication for the Root Zone", August 2016

Source of RFC: INDEPENDENT
See Also: RFC 7958w/ inline errata

Errata ID: 5932
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Paul Hoffman
Date Reported: 2019-12-11
Verifier Name: Adrian Farrel
Date Verified: 2020-01-26

Section 2.1.2 says:

  Note that the KeyDigest element is optional; if it
  is not given, the trust anchor can be used until a KeyDigest element
  covering the same DNSKEY record, but having a validUntil attribute,
  is trusted by the relying party.

It should say:

  Note that the validUntil attribute of the KeyDigest element is
  optional. If the relying party is using a trust anchor that has a
  KeyDigest element that does not have a validUntil attribute, it can
  change to a trust anchor with a KeyDigest element that does have a
  validUntil attribute, as long as that trust anchor's validUntil
  attribute is in the future and the DNSKEY elements of the KeyDigest
  are the same as the previous trust anchor.

Notes:

It is the validUntil attribute that is optional, not the KeyDigest element. Also, it was noted that the sentence did not clearly explain the logic.

Report New Errata