RFC Errata
Found 6 records.
Status: Verified (1)
RFC 4985, "Internet X.509 Public Key Infrastructure Subject Alternative Name for Expression of Service Name", August 2007
Source of RFC: pkix (sec)
Errata ID: 2520
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Stefan Santesson
Date Reported: 2010-09-14
Verifier Name: Tim Polk
Date Verified: 2011-03-09
Section 2 says:
Name The DNS domain name of the domain where the specified service is located.
It should say:
Name A DNS domain name, representing a domain for which the certificate issuer has asserted that the certified subject is a legitimate provider of the identified service.
Notes:
The current text is ambiguous compared with the defined meaning of this name form given in the RFC.
The definition of this component is given in the overall definition as:
"The content of the components of this name form MUST be consistent
with the corresponding definition of these components in an SRV RR
according to RFC 2782 [N3]."
And later in the same section:
"The purpose of the SRVName is limited to authorization of
service provision within a domain."
The changed text makes it clear that the domain is the domain where the certified host is a legitimate service provider, which may or may not be the domain where the same host is located. Thus the changed text harmonize with the rest of the document.
Status: Held for Document Update (5)
RFC 4985, "Internet X.509 Public Key Infrastructure Subject Alternative Name for Expression of Service Name", August 2007
Source of RFC: pkix (sec)
Errata ID: 2396
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-29
Section 5 says:
The second paragraph of Section 5 (on page 6 of RFC 4985) says: When X.509 certificates enhanced with the name form specified in this standard is used to enhance authentication of service discovery based on an SRV RR query to a DNS server, all security considerations of RFC 2782 applies.
It should say:
When X.509 certificates enhanced with the name form specified in this | standard are used to enhance authentication of service discovery based on an SRV RR query to a DNS server, all security considerations of RFC 2782 applies.
Errata ID: 2397
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-29
Section 2 says:
Within Section 2, the 3rd-to-last paragraph on page 3 says: Even though this name form is based on the service resource record (SRV RR) definition in RFC 2782 [N3] and may be used to enhance subsequent authentication of DNS-based service discovery, this standard does not define any new conditions or requirements regarding | use of SRV RR for service discovery or where and when such use is appropriate. ^^
It should say:
It should say: Even though this name form is based on the service resource record (SRV RR) definition in RFC 2782 [N3] and may be used to enhance subsequent authentication of DNS-based service discovery, this standard does not define any new conditions or requirements regarding | the use of SRV RRs for service discovery or where and when such use ^^^^ ^^^ is appropriate.
Errata ID: 2399
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-29
Section 1 says:
The last paragraph of Section 1, on page 2 of RFC 4985, says: v | Current dNSName GeneralName Subject Alternative name form only provides for DNS host names to be expressed in "preferred name syntax", as specified by RFC 1034 [N4]. [...]
It should say:
It should say: vvvvv | The current dNSName GeneralName Subject Alternative name form only provides for DNS host names to be expressed in "preferred name syntax", as specified by RFC 1034 [N4]. [...]
Errata ID: 1012
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-29
Section 1 says:
RFC 4985 repeatedly uses inprecise terms like "domain name", "DNS domain name", or even merely the pattern "host.example.com" (in Section 4), in places where preferably the established precise term "fully qualified domain name" (FQDN) should have been used.
Errata ID: 2395
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-29
Section A.2 says:
-- In the GeneralName definition using the 1993 ASN.1 syntax
It should say:
-- The GeneralName definition using the 1993 ASN.1 syntax