RFC Errata
RFC 9483, "Lightweight Certificate Management Protocol (CMP) Profile", November 2023
Source of RFC: lamps (sec)
See Also: RFC 9483 w/ inline errata
Errata ID: 8184
Status: Verified
Type: Technical
Publication Format(s): TEXT, PDF, HTML
Reported By: Rajeev Ranjan
Date Reported: 2024-11-20
Verifier Name: Deb Cooley
Date Verified: 2024-11-21
Section 4.1.6.2 says:
rid REQUIRED
-- MUST contain the subjectKeyIdentifier of the CMP protection
-- certificate, if available, in the rKeyId choice, and the
-- subjectKeyIdentifier MUST equal the senderKID in the
-- PKIHeader.
-- If the CMP protection certificate does not contain a
-- subjectKeyIdentifier, the issuerAndSerialNumber choice MUST
-- be used
It should say:
rid REQUIRED
-- MUST contain the subjectKeyIdentifier of the CMP protection
-- certificate of the request message, if available, in the
-- rKeyId choice. The subjectKeyIdentifier is equal
-- the senderKID in the PKIHeader of that message.
-- If the CMP protection certificate of the request message does
-- not contain a subjectKeyIdentifier, the issuerAndSerialNumber
-- choice MUST be used.
Notes:
1. The rid value must be taken from the CMP protection certificate of the request message, as it is used to identify the recipient using key agreement.
2. senderKID refers to the value in the request message, and here we are preparing the response message. So MUST is removed.
