RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 8410, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure", August 2018

Source of RFC: curdle (sec)

Errata ID: 6936
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Ryan Culpepper
Date Reported: 2022-04-16

Section 10.2 says:

   -----BEGIN CERTIFICATE-----
   MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX
   N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD
   DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj
   ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg
   BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v
   /BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg
   w1AH9efZBw==
   -----END CERTIFICATE-----

It should say:

(re-encode certificate)

Notes:

The example certificate violates RFC 5280. Specifically, the
certificate contains a BasicConstraints extension that explicitly
encodes the cA field with a value of FALSE, but that is the default
value of the cA field, and the Extension extnValue is required to be
encoded using DER, which forbids including a field set to its default
value.

In addition, the PEM-encoded certificate violates RFC 7468, which
requires lines to be wrapped to 64 characters, but the example is
wrapped to 66-character lines.

Report New Errata



Advanced Search