Errata Search
RFC Number:		Errata ID:
Source of RFC		Status:	All/Any Verified+Reported Verified Reported Held for Document Update Rejected
Area Acronym:	All/Any app art gen int ops rai rtg sec tsv wit	Type:	All/Any Editorial Technical
WG Acronym:		Submitter Name:
Other:	All/Any IAB INDEPENDENT IRTF Legacy Editorial	Date Submitted:
Summary Table Full Records

Found 3 records.

Status: Verified (1)

RFC 6962, "Certificate Transparency", June 2013

Note: This RFC has been obsoleted by RFC 9162

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 3686
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Eran Messeri
Date Reported: 2013-07-26
Verifier Name: Stephen Farrell
Date Verified: 2014-07-03

Section 4.2 says:

chain:  An array of base64-encoded Precertificates.  The first
         element is the end-entity certificate; the second chains to the
         first and so on to the last, which is either the root
         certificate or a certificate that chains to a known root
         certificate.

It should say:

chain:  An array of base64-encoded Precertificate and certificates. 
         The first element is the end-entity precertificate; the second
         chains to the first and so on to the last, which is either the
         root certificate or a certificate that chains to a known root
         certificate. Only the first element in the array may be
         a precertificate.

Notes:

The current description of Add PreCertChain implies the array may consist of multiple Precertificates. In practice it only makes sense for the first element to be a Precertificate, the following elements should be proper certificates.

Status: Reported (2)

RFC 6962, "Certificate Transparency", June 2013

Note: This RFC has been obsoleted by RFC 9162

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 4204
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Paul Hadfield
Date Reported: 2014-12-18

Section 3.1 says:

   "precertificate_chain" is a chain of additional certificates required
   to verify the Precertificate submission.  The first certificate MAY
   be a valid Precertificate Signing Certificate and MUST certify the
   first certificate.  Each following certificate MUST directly certify
   the one preceding it.  The final certificate MUST be a root
   certificate accepted by the log.

It should say:

   "precertificate_chain" is a chain of additional certificates required
   to verify the Precertificate submission.  The first certificate MAY
   be a valid Precertificate Signing Certificate and MUST certify the
   Precertificate.  Each following certificate MUST directly certify
   the one preceding it.  The final certificate MUST be a root
   certificate accepted by the log.

Notes:

It seems to be a cut and paste error that affects the meaning.

Errata ID: 4286
Status: Reported
Type: Editorial
Publication Format(s) : TEXT
Reported By: Ben Laurie
Date Reported: 2015-03-04

Section 3 says:

When a valid certificate is submitted to a log, the log MUST
immediately return a Signed Certificate Timestamp (SCT).

It should say:

When a valid certificate or Precertificate is submitted to a log, the
log MUST immediately return a Signed Certificate Timestamp (SCT).

Report New Errata