RFC Errata
Status: Held for Document Update (2)
RFC 2595, "Using TLS with IMAP, POP3 and ACAP", June 1999
Note: This RFC has been updated by RFC 4616, RFC 7817, RFC 8314
Source of RFC: Legacy
Area Assignment: app
Errata ID: 1076
Status: Held for Document Update
Type: Technical
Publication Format(s): TEXT
Reported By: Joseph Shraibman
Date Reported: 2007-11-14
Held for Document Update by: Alexey Melnikov
Date Held: 2010-09-03
Section 2.4 says:
- A "*" wildcard character MAY be used as the left-most name component in the certificate. For example, *.example.com would match a.example.com, foo.example.com, etc. but would not match example.com.
It should say:
- A "*" wildcard character MAY be used for the left-most name components in the certificate. For example, *.example.com would match a.example.com, foo.example.com, etc. but would not match example.com or foo.bar.example.com. *.*.example.com would match foo.bar.example.com but would not match foo.example.com.
Notes:
It seems the original wording unintentionally disallowed certificates with *.* wildcards.
Alexey: The submitted errata indicated that multiple wildcards were allowed (e.g., *.*.a.com matches foo.bar.a.com but not foo.com). This is too large of a change to make with an errata. The Security and Application ADs feel a consensus call would be required to make that change. Further, the current practice is to allow only one at the leftmost position. This is being documented in draft-saintandre-tls-server-id-check and it's intended to be a BCP.
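The two readings of Section 2.4 discussed in Errata 1076, side by side, as an added example (not part of the errata record or the RFC text). The function names are hypothetical; the hostnames are the ones quoted in the record, and each "*" is assumed to stand for exactly one whole label.

```python
def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def match_rfc2595(pattern, host):
    """Section 2.4 as published: "*" only as the whole left-most label."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in h:
        return False                      # "*" never spans or drops a label
    if any("*" in label for label in p[1:]):
        return False                      # wildcard outside left-most position
    if "*" in p[0]:
        return p[0] == "*" and p[1:] == h[1:]
    return p == h

def match_erratum_1076(pattern, host):
    """Text proposed in the erratum: a leading run of "*" labels."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in h:
        return False
    n = 0
    while n < len(p) and p[n] == "*":     # count the leading wildcard labels
        n += 1
    if any("*" in label for label in p[n:]):
        return False                      # no wildcard after a literal label
    return p[n:] == h[n:]

# Pattern/host pairs taken from the errata record above.
CASES = [
    ("*.example.com", "a.example.com"),
    ("*.example.com", "foo.example.com"),
    ("*.example.com", "example.com"),
    ("*.example.com", "foo.bar.example.com"),
    ("*.*.example.com", "foo.bar.example.com"),
    ("*.*.example.com", "foo.example.com"),
]

def compare(cases=CASES):
    """Return (pattern, host, as_published, as_proposed) for each pair."""
    return [(p, h, match_rfc2595(p, h), match_erratum_1076(p, h))
            for p, h in cases]

if __name__ == "__main__":
    for pattern, host, published, proposed in compare():
        print(f"{pattern:17} {host:21} published={published} proposed={proposed}")
```

The two functions disagree only on `*.*.example.com` against `foo.bar.example.com`, which is the behaviour change the note declines to make through an erratum.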
Errata ID: 3398
Status: Held for Document Update
Type: Editorial
Publication Format(s): TEXT
Reported By: David Caley
Date Reported: 2012-11-02
Held for Document Update by: Barry Leiba
Section 2.2 says:
Implementations are encouraged to have flexability with respect to the minimal encryption strength or cipher suites permitted.
It should say:
Implementations are encouraged to have flexibility with respect to the minimal encryption strength or cipher suites permitted.