RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 6487, "A Profile for X.509 PKIX Resource Certificates", February 2012

Note: This RFC has been updated by RFC 7318, RFC 8209

Source of RFC: sidr (rtg)

Errata ID: 3174
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: David Mandelberg
Date Reported: 2012-04-03
Rejected by: Stewart Bryant
Date Rejected: 2013-05-06

Section 5 says:

   An RPKI CA MUST include the two extensions, Authority Key Identifier
   and CRL Number, in every CRL that it issues.  RPs MUST be prepared to
   process CRLs with these extensions.  No other CRL extensions are
   allowed.

It should say:

   An RPKI CA MUST include the two extensions, Authority Key Identifier
   and CRL Number, in every CRL that it issues.  The Authority Key
   Identifier extension MUST follow the same restrictions as in
   Section 4.8.3 above.  RPs MUST be prepared to process CRLs with
   these extensions.  No other CRL extensions are allowed.

Notes:

RFC 6487 doesn't specify any restrictions on the format of the AKI extension in CRLs.
--VERIFIER NOTES--
The discussion on the SIDR list concluded that this errata should be rejected, although there appears an issue that may need addressing through a new errata or a revision to the RFC text.

Report New Errata



Advanced Search