RFC Errata
Found 5 records.
Status: Verified (5)
RFC 4683, "Internet X.509 Public Key Infrastructure Subject Identification Method (SIM)", October 2006
Source of RFC: pkix (sec)
Errata ID: 1047
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Verifier Name: Sean Turner
Date Verified: 2010-07-29
Section A says:
It should say:
id-pkip FROM PKIXCRMF-2005 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005(36) }
Notes:
As exposed in Errata 2359 above, the OID 'id-pkip' used on page 19
needs to be IMPORTed from the PKIXCRMF-2005 ASN.1 module in
Appendix B of RFC 4211 -- otherwise the PKIXSIM ASN.1 module
in Appendix A of RFC 4683 will not compile.
Errata ID: 2362
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Verifier Name: Sean Turner
Date Verified: 2010-07-29
Section A says:
The change exposed in Errata 2358 has to be applied to the collected ASN.1 as well.
Errata ID: 2358
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Verifier Name: Sean Turner
Date Verified: 2010-07-29
Section 5.1 says:
The ASN.1 at the bottom of page 11 says: SIM ::= SEQUENCE { hashAlg AlgorithmIdentifier, authorityRandom OCTET STRING, -- RA-chosen random number -- used in computation of -- pEPSI | pEPSI OCTET STRING -- hash of HashContent -- with algorithm hashAlg } It should say: SIM ::= SEQUENCE { hashAlg AlgorithmIdentifier, authorityRandom OCTET STRING, -- RA-chosen random number -- used in computation of -- pEPSI | pEPSI OCTET STRING -- hash of hash of | -- HashContent with -- algorithm hashAlg }
It should say:
See above.
Notes:
Rationale:
PEPSI is an iterated hash; see Section 4.4 where the last
line on page 9 says,
where PEPSI = H(H(P || R || SIItype || SII))
-----------------v-------
and Section 5.2 for the definition of HashContent.
Errata ID: 2359
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Verifier Name: Sean Turner
Date Verified: 2010-07-29
Section 5.3 says:
At the bottom of page 12, Section 5.3 says: id-regEPEPSI OBJECT IDENTIFIER ::= { id-pkip 3 } For instance, a note should be added at the bottom of page 12: id-regEPEPSI OBJECT IDENTIFIER ::= { id-pkip 3 } | | where id-pkip is defined in [RFC4211].
It should say:
See above.
Notes:
The OID, 'id-pkip' is neither defined within RFC 4683 nor imported.
Eventually, I found it being defined in RFC 4211.
That should be made explicit in Section 5.3 of RFC 4683 !
Errata ID: 2355
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2007-09-18
Verifier Name: Sean Turner
Date Verified: 2010-07-29
Section 4.4 says:
On page 10, the second-to-last paragraph of Section 4.4 says: Note that a secure communication channel MUST be used to pass P and | SII passing from the end entity to the RA, to protect them from disclosure or modification. It should say: Note that a secure communication channel MUST be used to pass P and | SII from the end entity to the RA, to protect them from disclosure or modification.
It should say:
See above.