RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 3 records.

Status: Verified (3)

RFC 5917, "Clearance Sponsor Attribute", June 2010

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 4537
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Lars Wilhelmsen
Date Reported: 2015-11-18
Verifier Name: Stephen Farrell
Date Verified: 2015-11-19

Section Introduction says:

This document specifies the clearance sponsor attribute.  It is
   included in public key certificates [RFC5280] and attribute
   certificates [RFC5755].  This attribute is only meaningful as a
   companion of the clearance attribute [RFC5755] [RFC5912].  The
   clearance sponsor is the entity (e.g., agency, department, or
   organization) that granted the clearance to the subject named in the
   certificate.  For example, the clearance sponsor for a subject
   asserting the Amoco clearance values [RFC3114] could be
   "Engineering".

It should say:

This document specifies the clearance sponsor attribute.  It is
   included in public key certificates [RFC5280] and attribute
   certificates [RFC5755].  This attribute is only meaningful as a
   companion of the clearance attribute [RFC5755] [RFC5913].  The
   clearance sponsor is the entity (e.g., agency, department, or
   organization) that granted the clearance to the subject named in the
   certificate.  For example, the clearance sponsor for a subject
   asserting the Amoco clearance values [RFC3114] could be
  "Engineering".

RFC 5913 should be added to the references:

   [RFC5913]  Turner, S. and S. Chokhani, "Clearance Attribute and
                        Authority Clearance Constraints Certificate Extension",
                        RFC 5913, June 2010.

Notes:

The first paragraph in the section references RFC 5912. As far as I can see, it should really reference RFC 5913 (Clearance Attribute and Authority Clearance Constraints - Certificate Extension).

Errata ID: 5883
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Russ Housley
Date Reported: 2019-10-25
Verifier Name: Benjamin Kaduk
Date Verified: 2019-10-26

Section Appendix A says:

     DirectoryString
       PKIX1Explicit-2009
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) id-mod(0)
           id-pkix1-explicit-02(51) }

It should say:

     DirectoryString
       FROM PKIX1Explicit-2009
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) id-mod(0)
           id-mod-pkix1-explicit-02(51) }

Notes:

As already reported in eid4558, the "FROM" is missing. In addition, "-mod" is missing from the text portion of the object identifier.

Errata ID: 5884
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Russ Housley
Date Reported: 2019-10-25
Verifier Name: Benjamin Kaduk
Date Verified: 2019-10-26

Section Appendix A says:

   at-clearanceSponsor ATTRIBUTE ::= {
     TYPE                   DirectoryString { ub-clearance-sponsor }
                            ( WITH COMPONENTS { utf8String PRESENT } )
     EQUALITY MATCHING RULE caseIgnoreMatch
     IDENTIFIED BY          id-clearanceSponsor
   }

It should say:

   at-clearanceSponsor ATTRIBUTE ::= {
     TYPE                   DirectoryString { ub-clearance-sponsor }
                            ( WITH COMPONENTS { uTF8String PRESENT } )
     EQUALITY MATCHING RULE caseIgnoreMatch
     IDENTIFIED BY          id-clearanceSponsor
   }

Notes:

The DirectoryString that is imported from RFC 5912 uses a different capitalization for "uTF8String". They need to be the same for the ASN.1 module to compile properly.

Report New Errata



Advanced Search