RFC Errata
RFC 4211, "Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)", September 2005
Note: This RFC has been updated by RFC 9045
Source of RFC: pkix (sec)
Errata ID: 2595
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Nikolai Malykh
Date Reported: 2010-10-29
Held for Document Update by: Sean Turner
Section 2.1 says:
7. Replaced Appendix A with a reference to [RFC2875]. The only difference is that the old text specified to use subject alt name instead of subject name if subject name was empty. This is not possible for a CA certificate issued using PKIX. It would however be useful to update RFC 2875 to have this fallback position. 7. Insert Appendix C describing why POP is necessary and what some of the different POP attacks are. 8. pop field in the CertReqMsg structure has been renamed to popo to avoid confusion between POP and pop. 9. The use of the EncryptedValue structure has been deprecated in favor of the EnvelopedData structure. 10. Add details on how private keys are to be structured when encrypted. 11. Allow for POP on key agreement algorithms other than DH.
It should say:
7. Replaced Appendix A with a reference to [RFC2875]. The only difference is that the old text specified to use subject alt name instead of subject name if subject name was empty. This is not possible for a CA certificate issued using PKIX. It would however be useful to update RFC 2875 to have this fallback position. 8. Insert Appendix C describing why POP is necessary and what some of the different POP attacks are. 9. pop field in the CertReqMsg structure has been renamed to popo to avoid confusion between POP and pop. 10. The use of the EncryptedValue structure has been deprecated in favor of the EnvelopedData structure. 11. Add details on how private keys are to be structured when encrypted. 12. Allow for POP on key agreement algorithms other than DH.
Notes:
Item 7 erroneously repeated.