RFC Errata
Found 2 records.
Status: Reported (1)
RFC 8295, "EST (Enrollment over Secure Transport) Extensions", January 2018
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 7626
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: Piotr Popis
Date Reported: 2023-09-04
Section 2.1.1. says:
0007 Start DS certificate enrollment: Indicates that the client needs
to begin enrolling its DS certificate. The PAL entry points to
a /simpleenroll URI, which is defined in [RFC7030].
It should say:
0007 Start DS certificate enrollment: Indicates that the client needs
to begin enrolling its DS certificate. The PAL entry points to
a /simpleenroll or a /fullcmc URI, both of which are defined in [RFC7030].
Notes:
Without this change and taking the 0006 definition into consideration, one might assume that a Simple PKI Request doesn't require the /csrattrs URI to be done beforehand, but the enrollment with a Full PKI Request must be preceded by the /csrattrs URI, which is not required - see the rest of the document, especially Section 9 and [RFC7030].
Status: Held for Document Update (1)
RFC 8295, "EST (Enrollment over Secure Transport) Extensions", January 2018
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 8439
Status: Held for Document Update
Type: Technical
Publication Format(s): TEXT
Reported By: Russ Housley
Date Reported: 2025-05-29
Held for Document Update by: Paul Wouters
Date Held: 2025-06-04
Section Appendix B says:
The ContentInfo is a PKIData:
    PKIData ::= SEQUENCE {
        reqSequence SEQUENCE SIZE(0..MAX) OF TaggedRequest
    }
It should say:
The ContentInfo is a PKIData:
    ct-PKIData CONTENT-TYPE ::=
        { PKIData IDENTIFIED BY id-cct-PKIData }

    id-cct-PKIData OBJECT IDENTIFIER ::= { iso(1)
        identified-organization(3) dod(6) internet(1) security(5)
        mechanisms(5) pkix(7) cct(12) 2 }

    PKIData ::= SEQUENCE {
        reqSequence SEQUENCE SIZE(0..MAX) OF TaggedRequest
    }
Notes:
Make it clear which object identifier is associated with PKIData.
