RFC Errata
Found 3 records.
Status: Verified (1)
RFC 6962, "Certificate Transparency", June 2013
Note: This RFC has been obsoleted by RFC 9162
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 3686
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Eran Messeri
Date Reported: 2013-07-26
Verifier Name: Stephen Farrell
Date Verified: 2014-07-03
Section 4.2 says:
chain: An array of base64-encoded Precertificates. The first element is the end-entity certificate; the second chains to the first and so on to the last, which is either the root certificate or a certificate that chains to a known root certificate.
It should say:
chain: An array of base64-encoded Precertificate and certificates. The first element is the end-entity precertificate; the second chains to the first and so on to the last, which is either the root certificate or a certificate that chains to a known root certificate. Only the first element in the array may be a precertificate.
Notes:
The current description of Add PreCertChain implies the array may consist of multiple Precertificates. In practice it only makes sense for the first element to be a Precertificate, the following elements should be proper certificates.
Status: Reported (2)
RFC 6962, "Certificate Transparency", June 2013
Note: This RFC has been obsoleted by RFC 9162
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 4204
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Paul Hadfield
Date Reported: 2014-12-18
Section 3.1 says:
"precertificate_chain" is a chain of additional certificates required to verify the Precertificate submission. The first certificate MAY be a valid Precertificate Signing Certificate and MUST certify the first certificate. Each following certificate MUST directly certify the one preceding it. The final certificate MUST be a root certificate accepted by the log.
It should say:
"precertificate_chain" is a chain of additional certificates required to verify the Precertificate submission. The first certificate MAY be a valid Precertificate Signing Certificate and MUST certify the Precertificate. Each following certificate MUST directly certify the one preceding it. The final certificate MUST be a root certificate accepted by the log.
Notes:
It seems to be a cut and paste error that affects the meaning.
Errata ID: 4286
Status: Reported
Type: Editorial
Publication Format(s) : TEXT
Reported By: Ben Laurie
Date Reported: 2015-03-04
Section 3 says:
When a valid certificate is submitted to a log, the log MUST immediately return a Signed Certificate Timestamp (SCT).
It should say:
When a valid certificate or Precertificate is submitted to a log, the log MUST immediately return a Signed Certificate Timestamp (SCT).