RFC Errata
RFC 8410, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure", August 2018
Note: This RFC has been updated by RFC 9295
Source of RFC: curdle (sec)See Also: RFC 8410 w/ inline errata
Errata ID: 7384
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Russ Housley
Date Reported: 2023-03-12
Verifier Name: Deb Cooley
Date Verified: 2024-04-11
Section 9 says:
sa-Ed25519 SIGNATURE-ALGORITHM ::= { IDENTIFIER id-Ed25519 PARAMS ARE absent PUBLIC-KEYS {pk-Ed25519} SMIME-CAPS { IDENTIFIED BY id-Ed25519 } } pk-Ed25519 PUBLIC-KEY ::= { IDENTIFIER id-Ed25519 -- KEY no ASN.1 wrapping -- PARAMS ARE absent CERT-KEY-USAGE {digitalSignature, nonRepudiation, keyCertSign, cRLSign} PRIVATE-KEY CurvePrivateKey }
It should say:
sa-Ed25519 SIGNATURE-ALGORITHM ::= { IDENTIFIER id-Ed25519 PARAMS ARE absent PUBLIC-KEYS {pk-Ed25519} SMIME-CAPS { IDENTIFIED BY id-Ed25519 } } pk-Ed25519 PUBLIC-KEY ::= { IDENTIFIER id-Ed25519 -- KEY no ASN.1 wrapping -- PARAMS ARE absent CERT-KEY-USAGE {digitalSignature, nonRepudiation, keyCertSign, cRLSign} PRIVATE-KEY CurvePrivateKey } sa-Ed448 SIGNATURE-ALGORITHM ::= { IDENTIFIER id-Ed448 PARAMS ARE absent PUBLIC-KEYS {pk-Ed448} SMIME-CAPS { IDENTIFIED BY id-Ed448 } } pk-Ed448 PUBLIC-KEY ::= { IDENTIFIER id-Ed448 -- KEY no ASN.1 wrapping -- PARAMS ARE absent CERT-KEY-USAGE {digitalSignature, nonRepudiation, keyCertSign, cRLSign} PRIVATE-KEY CurvePrivateKey }
Notes:
The definitions for sa-Ed448 and pk-Ed448 are missing from RFC 8410.