RFC Errata
Found 4 records.
Status: Verified (3)
RFC 5917, "Clearance Sponsor Attribute", June 2010
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 4537
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Lars Wilhelmsen
Date Reported: 2015-11-18
Verifier Name: Stephen Farrell
Date Verified: 2015-11-19
Section Introduction says:
This document specifies the clearance sponsor attribute. It is included in public key certificates [RFC5280] and attribute certificates [RFC5755]. This attribute is only meaningful as a companion of the clearance attribute [RFC5755] [RFC5912]. The clearance sponsor is the entity (e.g., agency, department, or organization) that granted the clearance to the subject named in the certificate. For example, the clearance sponsor for a subject asserting the Amoco clearance values [RFC3114] could be "Engineering".
It should say:
This document specifies the clearance sponsor attribute. It is
included in public key certificates [RFC5280] and attribute
certificates [RFC5755]. This attribute is only meaningful as a
companion of the clearance attribute [RFC5755] [RFC5913]. The
clearance sponsor is the entity (e.g., agency, department, or
organization) that granted the clearance to the subject named in the
certificate. For example, the clearance sponsor for a subject
asserting the Amoco clearance values [RFC3114] could be
"Engineering".
RFC 5913 should be added to the references:
[RFC5913] Turner, S. and S. Chokhani, "Clearance Attribute and
Authority Clearance Constraints Certificate Extension",
RFC 5913, June 2010.
Notes:
The first paragraph in the section references RFC 5912. As far as I can see, it should really reference RFC 5913 (Clearance Attribute and Authority Clearance Constraints - Certificate Extension).
Errata ID: 5883
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Russ Housley
Date Reported: 2019-10-25
Verifier Name: Benjamin Kaduk
Date Verified: 2019-10-26
Section Appendix A says:
DirectoryString
PKIX1Explicit-2009
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-pkix1-explicit-02(51) }
It should say:
DirectoryString
FROM PKIX1Explicit-2009
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkix1-explicit-02(51) }
Notes:
As already reported in eid4558, the "FROM" is missing. In addition, "-mod" is missing from the text portion of the object identifier.
Errata ID: 5884
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Russ Housley
Date Reported: 2019-10-25
Verifier Name: Benjamin Kaduk
Date Verified: 2019-10-26
Section Appendix A says:
at-clearanceSponsor ATTRIBUTE ::= {
TYPE DirectoryString { ub-clearance-sponsor }
( WITH COMPONENTS { utf8String PRESENT } )
EQUALITY MATCHING RULE caseIgnoreMatch
IDENTIFIED BY id-clearanceSponsor
}
It should say:
at-clearanceSponsor ATTRIBUTE ::= {
TYPE DirectoryString { ub-clearance-sponsor }
( WITH COMPONENTS { uTF8String PRESENT } )
EQUALITY MATCHING RULE caseIgnoreMatch
IDENTIFIED BY id-clearanceSponsor
}
Notes:
The DirectoryString that is imported from RFC 5912 uses a different capitalization for "uTF8String". They need to be the same for the ASN.1 module to compile properly.
Status: Rejected (1)
RFC 5917, "Clearance Sponsor Attribute", June 2010
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 4558
Status: Rejected
Type: Editorial
Publication Format(s) : TEXT
Reported By: Lars Wilhelmsen
Date Reported: 2015-12-07
Rejected by: Benjamin Kaduk
Date Rejected: 2019-10-26
Section Appendix A says:
IMPORTS
-- Imports from New PKIX ASN.1 [RFC5912]
DirectoryString
PKIX1Explicit-2009
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-pkix1-explicit-02(51) }
It should say:
IMPORTS
-- Imports from New PKIX ASN.1 [RFC5912]
DirectoryString
FROM PKIX1Explicit-2009
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-pkix1-explicit-02(51) }
Notes:
Missing "FROM" in import statement.
--VERIFIER NOTES--
While the FROM is indeed missing, there is another error in this text that was reported in eid5883; since that report fully supersedes this one, this errata report is redundant. "Rejected" is the least bad state in which to leave such a report.
