RFC Errata
RFC 8410, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure", August 2018
Note: This RFC has been updated by RFC 9295
Source of RFC: curdle (sec)
Errata ID: 6936
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: Ryan Culpepper
Date Reported: 2022-04-16
Section 10.2 says:
-----BEGIN CERTIFICATE-----
MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX
N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD
DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj
ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg
BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v
/BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg
w1AH9efZBw==
-----END CERTIFICATE-----
It should say:
(re-encode certificate)
Notes:
The example certificate violates RFC 5280. Specifically, the
certificate contains a BasicConstraints extension that explicitly
encodes the cA field with a value of FALSE, but that is the default
value of the cA field, and the Extension extnValue is required to be
encoded using DER, which forbids including a field set to its default
value.
In addition, the PEM-encoded certificate violates RFC 7468, which
requires lines to be wrapped to 64 characters, but the example is
wrapped to 66-character lines.
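
The two points in the notes can be checked mechanically. The following is an added example, not part of the erratum or of RFC 8410: it walks the quoted certificate with a minimal TLV reader, extracts the BasicConstraints extnValue, and flags an explicitly encoded cA FALSE (the DER form omits the field, leaving the empty SEQUENCE 30 00) as well as base64 lines longer than 64 characters. The function names are this example's own, and the reader assumes well-formed input with definite lengths.

```python
import base64

# Base64 body of the RFC 8410 Section 10.2 certificate, as quoted in this report.
PEM_BODY = """\
MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX
N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD
DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj
ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg
BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v
/BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg
w1AH9efZBw=="""
BASIC_CONSTRAINTS_OID = bytes.fromhex("551d13")  # id-ce-basicConstraints, 2.5.29.19

def tlvs(buf):
    """Yield (tag, value) for each TLV laid end to end in buf."""
    i = 0
    while i < len(buf):
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:  # long-form length: low 7 bits give the length-of-length
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        yield tag, buf[i:i + n]
        i += n

def basic_constraints_value(cert_der):
    """Return the BasicConstraints extnValue contents, or None if absent."""
    tbs = next(tlvs(next(tlvs(cert_der))[1]))[1]
    for tag, val in tlvs(tbs):
        if tag != 0xA3:  # extensions are [3] EXPLICIT in TBSCertificate
            continue
        for _, ext in tlvs(next(tlvs(val))[1]):
            fields = list(tlvs(ext))  # extnID, optional critical, extnValue
            if fields[0][1] == BASIC_CONSTRAINTS_OID:
                return fields[-1][1]
    return None

def encodes_default_ca(extn_value):
    """True if cA is present as BOOLEAN FALSE, which DER requires to be omitted."""
    seq = next(tlvs(extn_value))[1]
    return any(tag == 0x01 and val == b"\x00" for tag, val in tlvs(seq))

def overlong_lines(pem_body, limit=64):
    """Return base64 lines longer than the RFC 7468 wrap width."""
    return [line for line in pem_body.splitlines() if len(line) > limit]

if __name__ == "__main__":
    value = basic_constraints_value(base64.b64decode(PEM_BODY))
    print(value.hex(), encodes_default_ca(value), len(overlong_lines(PEM_BODY)))
```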