RFC Errata
RFC 8410, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure", August 2018
Note: This RFC has been updated by RFC 9295
Source of RFC: curdle (sec)
Errata ID: 7070
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Alex Gaynor
Date Reported: 2022-08-02
Section 10.2 says:
-----BEGIN CERTIFICATE----- MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v /BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg w1AH9efZBw== -----END CERTIFICATE-----
It should say:
A corrected encoding of the certificate.
Notes:
In addition to the mis-encoding described in 6936, there are additional misencodings. The critical field of X.509 extensions have `DEFAULT FALSE` (per RFC 5280). Default field values shall not be encoded in a DER sequence, but in the certificate encoding presented there these critical fields are encoded.