RFC Errata
Found 5 records.
Status: Verified (3)
RFC 8894, "Simple Certificate Enrolment Protocol", September 2020
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 8247
Status: Verified
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Daniel Van Geest
Date Reported: 2025-01-10
Verifier Name: Deb Cooley
Date Verified: 2025-01-17
Throughout the document, when it says:
authenticated attributes and authenticatedAttributes
It should say:
signed attributes and signedAttrs
Notes:
Throughout the document it refers to "authenticated attributes" and the "authenticatedAttributes" set. However, SCEP uses the SignedData content type which doesn't have an authenticatedAttributes field (other content types do have this field, e.g. the RFC 2630 version of AuthenticatedData). It should refer to signed attributes instead. This aligns with Figure 6 which includes the signerInfo.signedAttrs field.
Note, if this errata is correct then errata 8245 is incorrect.
Errata ID: 6372
Status: Verified
Type: Editorial
Publication Format(s) : TEXT, PDF, HTML
Reported By: Russ Housley
Date Reported: 2020-12-28
Verifier Name: Roman Danyliw
Date Verified: 2022-01-19
Section 3.3.3 says:
The messageData for this type consists of an IssuerAndSubject: issuerAndSubject ::= SEQUENCE { issuer Name, subject Name }
It should say:
The messageData for this type consists of an IssuerAndSubject: IssuerAndSubject ::= SEQUENCE { issuer Name, subject Name }
Notes:
For the ASN.1 to compile properly, the definition must begin with a capital letter.
Errata ID: 8210
Status: Verified
Type: Editorial
Publication Format(s) : TEXT, PDF, HTML
Reported By: Angelica Semenec
Date Reported: 2024-12-10
Verifier Name: RFC Editor
Date Verified: 2024-12-11
Section 2.3 says:
If the key being certified allows encryption, then the CA's CertResp will use the same certificate's public key when encrypting the response.
It should say:
If the key being certified allows encryption, then the CA's CertRep will use the same certificate's public key when encrypting the response.
Notes:
There is no "CertResp" defined in the document. I believe this is supposed to be "CertRep".
Status: Held for Document Update (1)
RFC 8894, "Simple Certificate Enrolment Protocol", September 2020
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 7550
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Simone Guidi
Date Reported: 2023-06-23
Held for Document Update by: Paul Wouters
Date Held: 2024-01-17
Section 3.1 says:
Once the messageData has been encrypted, it is signed with the sender's public key.
It should say:
Once the messageData has been encrypted, it is signed with the sender's private key.
Notes:
The sender should use their private key, rather than their public key, to sign the data.
Status: Rejected (1)
RFC 8894, "Simple Certificate Enrolment Protocol", September 2020
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 8245
Status: Rejected
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Angelica Semenec
Date Reported: 2025-01-07
Rejected by: Deb Cooley
Date Rejected: 2025-01-17
Section 3 says:
signerInfo { signedAttrs { transactionID, messageType, pkiStatus, failInfo, -- Optional senderNonce / recipientNonce, }, signature } }
It should say:
signerInfo { authenticatedAttributes { transactionID, messageType, pkiStatus, failInfo, -- Optional senderNonce / recipientNonce, }, signature }
Notes:
There is no reference to "signedAttrs" in the RFC other than once Figure 6. I believe this is supposed to be "authenticatedAttributes" based on the information in section 3.2 and 3.2.1
--VERIFIER NOTES--
See text in Errata 8247 for rejection rationale