RFC Errata
RFC 8410, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure", August 2018
Note: This RFC has been updated by RFC 9295
Source of RFC: curdle (sec)See Also: RFC 8410 w/ inline errata
Errata ID: 7384
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Russ Housley
Date Reported: 2023-03-12
Verifier Name: Deb Cooley
Date Verified: 2024-04-11
Section 9 says:
sa-Ed25519 SIGNATURE-ALGORITHM ::= {
IDENTIFIER id-Ed25519
PARAMS ARE absent
PUBLIC-KEYS {pk-Ed25519}
SMIME-CAPS { IDENTIFIED BY id-Ed25519 }
}
pk-Ed25519 PUBLIC-KEY ::= {
IDENTIFIER id-Ed25519
-- KEY no ASN.1 wrapping --
PARAMS ARE absent
CERT-KEY-USAGE {digitalSignature, nonRepudiation,
keyCertSign, cRLSign}
PRIVATE-KEY CurvePrivateKey
}
It should say:
sa-Ed25519 SIGNATURE-ALGORITHM ::= {
IDENTIFIER id-Ed25519
PARAMS ARE absent
PUBLIC-KEYS {pk-Ed25519}
SMIME-CAPS { IDENTIFIED BY id-Ed25519 }
}
pk-Ed25519 PUBLIC-KEY ::= {
IDENTIFIER id-Ed25519
-- KEY no ASN.1 wrapping --
PARAMS ARE absent
CERT-KEY-USAGE {digitalSignature, nonRepudiation,
keyCertSign, cRLSign}
PRIVATE-KEY CurvePrivateKey
}
sa-Ed448 SIGNATURE-ALGORITHM ::= {
IDENTIFIER id-Ed448
PARAMS ARE absent
PUBLIC-KEYS {pk-Ed448}
SMIME-CAPS { IDENTIFIED BY id-Ed448 }
}
pk-Ed448 PUBLIC-KEY ::= {
IDENTIFIER id-Ed448
-- KEY no ASN.1 wrapping --
PARAMS ARE absent
CERT-KEY-USAGE {digitalSignature, nonRepudiation,
keyCertSign, cRLSign}
PRIVATE-KEY CurvePrivateKey
}
Notes:
The definitions for sa-Ed448 and pk-Ed448 are missing from RFC 8410.