RFC Errata
Found 3 records.
Status: Verified (3)
RFC 2560, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", June 1999
Note: This RFC has been obsoleted by RFC 6960
Note: This RFC has been updated by RFC 6277
Source of RFC: pkix (sec)
Errata ID: 2253
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Jim Schaad
Date Reported: 2010-05-12
Verifier Name: Tim Polk
Date Verified: 2010-07-20
Section 4.2.1 says:
UnknownInfo ::= NULL -- this can be replaced with an enumeration
It should say:
UnknownInfo ::= NULL
Notes:
The is no way to change this without making existing decoders fail decoding the answer. The comment should therefore be removed
The same line exists in the ASN.1 module and should be removed there as well.
Errata ID: 2329
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Shirley Carter
Date Reported: 2010-07-13
Verifier Name: Tim Polk
Date Verified: 2010-07-20
Section 4.2.2.2.1 says:
CAs issuing such a certificate should realized that
It should say:
CAs issuing such a certificate should realize that
Notes:
simple typo "realized" => "realize"
Errata ID: 3417
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: John Soltes
Date Reported: 2012-11-26
Verifier Name: Sean Turner
Date Verified: 2012-11-26
Section 4.2.2.2 says:
Systems or applications that rely on OCSP responses MUST be capable of detecting and enforcing use of the id-ad-ocspSigning value as described above. and 3. Includes a value of id-ad-ocspSigning in an ExtendedKeyUsage
It should say:
Systems or applications that rely on OCSP responses MUST be capable of detecting and enforcing use of the id-kp-OCSPSigning value as described above. and 3. Includes a value of id-kp-ocspSigning in an ExtendedKeyUsage
Notes:
The first paragraph specifies that an "id-kp-OCSPSigning" value be included, and it then defines that value as "id-kp-OCSPSigning OBJECT IDENTIFIER ::= {id-kp 9}", yet the second paragraph and the third listed alternative specify the use of an "id-ad-ocspSigning" value, which is not defined.
Also, the double quote mark at the end of the third listed alternative should be removed.