RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 6960, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", June 2013

Note: This RFC has been updated by RFC 8954, RFC 9654

Source of RFC: pkix (sec)
See Also: RFC 6960 w/ inline errata

Errata ID: 6166
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Yury Strozhevsky
Date Reported: 2020-05-11
Verifier Name: Deb Cooley
Date Verified: 2024-06-04

Section Appendix B.2 says:

KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key
                         -- (excluding the tag and length fields)

It should say:

KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key
                         -- (i.e., the SHA-1 hash of the value of the
                         -- BIT STRING subjectPublicKey [excluding
                         -- the tag, length, and number of unused
                         -- bits] in the responder's certificate)

Notes:

These two descriptions of KeyHash produce different SHA-1 hashes due to different values: one is pure BIT STRING value block, with "unused bits" byte, but other - without "unused byte". Also the Appendix B.2 must be aligned with Appendix B.1 information.

Report New Errata



Advanced Search