RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Verified (1)

RFC 8994, "An Autonomic Control Plane (ACP)", May 2021

Source of RFC: anima (ops)

Errata ID: 7071
Status: Verified
Type: Editorial
Publication Format(s) : TEXT, PDF, HTML

Reported By: Corey Bonnell
Date Reported: 2022-08-04
Verifier Name: Rob Wilton
Date Verified: 2024-01-15

Section 6.2.2 says:

   The acp-node-name in Figure 2 is the ABNF definition ("Augmented BNF
   for Syntax Specifications: ABNF" [RFC5234]) of the ACP Node Name.  An
   ACP certificate MUST carry this information.  It MUST contain an
   otherName field in the X.509 Subject Alternative Name extension, and
   the otherName MUST contain an AcpNodeName as described in
   Section 6.2.2.

It should say:

   The acp-node-name in Figure 2 is the ABNF definition ("Augmented BNF
   for Syntax Specifications: ABNF" [RFC5234]) of the ACP Node Name.  An
   ACP certificate MUST carry this information.  It MUST contain an
   otherName field in the X.509 Subject Alternative Name extension, and
   the otherName MUST contain an AcpNodeName as described in
   Section 6.2.2.1.

Notes:

David von Oheimb discovered [1] that section 6.2.2 is self-referential and incorrect regarding the section reference to the ASN.1 module.

The correct section number is 6.2.2.1.

[1] https://mailarchive.ietf.org/arch/msg/spasm/-ymZk94KFzzolZSsJh6HONnypXQ/

Status: Held for Document Update (1)

RFC 8994, "An Autonomic Control Plane (ACP)", May 2021

Source of RFC: anima (ops)

Errata ID: 7558
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT, PDF, HTML

Reported By: J. William Atwood
Date Reported: 2023-07-02
Held for Document Update by: Rob Wilton
Date Held: 2024-01-15

Section 6.2.1 says:

   ACP nodes MUST NOT support certificates with RSA public keys of less
   than a 2048-bit modulus or curves with group order of less than 256
   bits.  They MUST support certificates with RSA public keys with
   2048-bit modulus and MAY support longer RSA keys.  They MUST support
   certificates with ECC public keys using NIST P-256 curves and SHOULD
   support P-384 and P-521 curves.

   ACP nodes MUST NOT support certificates with RSA public keys whose
   modulus is less than 2048 bits, or certificates whose ECC public keys
   are in groups whose order is less than 256 bits.  RSA signing
   certificates with 2048-bit public keys MUST be supported, and such
   certificates with longer public keys MAY be supported.  ECDSA
   certificates using the NIST P-256 curve MUST be supported, and such
   certificates using the P-384 and P-521 curves SHOULD be supported.

It should say:

   ACP nodes MUST NOT support certificates with RSA public keys whose
   modulus is less than 2048 bits, or certificates whose ECC public keys
   are in groups whose order is less than 256 bits.  RSA signing
   certificates with 2048-bit public keys MUST be supported, and such
   certificates with longer public keys MAY be supported.  ECDSA
   certificates using the NIST P-256 curve MUST be supported, and such
   certificates using the P-384 and P-521 curves SHOULD be supported.

Notes:

The second paragraph in the original text appears to be a more carefully-written version of the first paragraph. Therefore the first paragraph should be deleted and the second paragraph retained.

Report New Errata



Advanced Search