RFC Errata

RFC 8410, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure", August 2018

Source of RFC: curdle (sec)

Errata ID: 6229
Status: Reported
Type: Technical
Publication Format(s): TEXT

Reported By: David von Oheimb
Date Reported: 2020-07-12

Section 10.2 says:

An example of a self-issued PKIX certificate using Ed25519 to sign an
X25519 public key would be


The given example certificate is self-issued but not self-signed (which is fine because its public key cannot be used for signing).
It includes a subjectKeyIdentifier but not an authorityKeyIdentifier.

For certificates that are not self-signed, RFC 5280 requires in section (https://tools.ietf.org/html/rfc5280#section- that the authorityKeyIdentifier is present.

Thus for such an example certificate the authorityKeyIdentifier MUST be added in order to be a conforming certificate.
Otherwise, cert chain validation will be misled to assume that the certificate is self-signed (while usually not actually verifying this supposition).