RFC Errata
RFC 6960, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", June 2013
Note: This RFC has been updated by RFC 8954, RFC 9654
Source of RFC: pkix (sec)See Also: RFC 6960 w/ inline errata
Errata ID: 6167
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Yury Strozhevsky
Date Reported: 2020-05-11
Verifier Name: Deb Cooley
Date Verified: 2024-06-04
Section 4.2.1 says:
KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key (excluding the tag and length fields)
It should say:
KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key -- (i.e., the SHA-1 hash of the value of the -- BIT STRING subjectPublicKey [excluding -- the tag, length, and number of unused -- bits] in the responder's certificate)
Notes:
Same explanationa as for https://www.rfc-editor.org/errata/eid6166