RFC Errata
Found 2 records.
Status: Verified (1)
RFC 8994, "An Autonomic Control Plane (ACP)", May 2021
Source of RFC: anima (ops)
Errata ID: 7071
Status: Verified
Type: Editorial
Publication Format(s) : TEXT, PDF, HTML
Reported By: Corey Bonnell
Date Reported: 2022-08-04
Verifier Name: Rob Wilton
Date Verified: 2024-01-15
Section 6.2.2 says:
The acp-node-name in Figure 2 is the ABNF definition ("Augmented BNF
for Syntax Specifications: ABNF" [RFC5234]) of the ACP Node Name. An
ACP certificate MUST carry this information. It MUST contain an
otherName field in the X.509 Subject Alternative Name extension, and
the otherName MUST contain an AcpNodeName as described in
Section 6.2.2.
It should say:
The acp-node-name in Figure 2 is the ABNF definition ("Augmented BNF
for Syntax Specifications: ABNF" [RFC5234]) of the ACP Node Name. An
ACP certificate MUST carry this information. It MUST contain an
otherName field in the X.509 Subject Alternative Name extension, and
the otherName MUST contain an AcpNodeName as described in
Section 6.2.2.1.
Notes:
David von Oheimb discovered [1] that section 6.2.2 is self-referential and incorrect regarding the section reference to the ASN.1 module.
The correct section number is 6.2.2.1.
[1] https://mailarchive.ietf.org/arch/msg/spasm/-ymZk94KFzzolZSsJh6HONnypXQ/
Status: Held for Document Update (1)
RFC 8994, "An Autonomic Control Plane (ACP)", May 2021
Source of RFC: anima (ops)
Errata ID: 7558
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT, PDF, HTML
Reported By: J. William Atwood
Date Reported: 2023-07-02
Held for Document Update by: Rob Wilton
Date Held: 2024-01-15
Section 6.2.1 says:
ACP nodes MUST NOT support certificates with RSA public keys of less than a 2048-bit modulus or curves with group order of less than 256 bits. They MUST support certificates with RSA public keys with 2048-bit modulus and MAY support longer RSA keys. They MUST support certificates with ECC public keys using NIST P-256 curves and SHOULD support P-384 and P-521 curves. ACP nodes MUST NOT support certificates with RSA public keys whose modulus is less than 2048 bits, or certificates whose ECC public keys are in groups whose order is less than 256 bits. RSA signing certificates with 2048-bit public keys MUST be supported, and such certificates with longer public keys MAY be supported. ECDSA certificates using the NIST P-256 curve MUST be supported, and such certificates using the P-384 and P-521 curves SHOULD be supported.
It should say:
ACP nodes MUST NOT support certificates with RSA public keys whose modulus is less than 2048 bits, or certificates whose ECC public keys are in groups whose order is less than 256 bits. RSA signing certificates with 2048-bit public keys MUST be supported, and such certificates with longer public keys MAY be supported. ECDSA certificates using the NIST P-256 curve MUST be supported, and such certificates using the P-384 and P-521 curves SHOULD be supported.
Notes:
The second paragraph in the original text appears to be a more carefully-written version of the first paragraph. Therefore the first paragraph should be deleted and the second paragraph retained.