Errata Search
RFC Number:		Errata ID:
Source of RFC		Status:	All/Any Verified+Reported Verified Reported Held for Document Update Rejected
Area Acronym:	All/Any app art gen int ops rai rtg sec tsv wit	Type:	All/Any Editorial Technical
WG Acronym:		Submitter Name:
Other:	All/Any IAB INDEPENDENT IRTF Legacy Editorial	Date Submitted:
Summary Table Full Records

Found 2 records.

Status: Verified (1)

RFC 9286, "Manifests for the Resource Public Key Infrastructure (RPKI)", June 2022

Source of RFC: sidrops (ops)

Errata ID: 7118
Status: Verified
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Job Snijders
Date Reported: 2022-09-03
Verifier Name: Warren Kumari (Ops AD)
Date Verified: 2022-09-06

Section Appendix A says:

fileList           SEQUENCE SIZE (0..MAX) OF FileAndHash

It should say:

fileList           SEQUENCE SIZE (1..MAX) OF FileAndHash

Notes:

Section 7 specifies " A CA's manifest will always contain at least one entry"; therefor, a fileList sequence of size 0 is invalid.

Status: Rejected (1)

RFC 9286, "Manifests for the Resource Public Key Infrastructure (RPKI)", June 2022

Source of RFC: sidrops (ops)

Errata ID: 7243
Status: Rejected
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Ties de Kock
Date Reported: 2022-11-07
Rejected by: Mohamed Boucadair
Date Rejected: 2025-03-28

Section 4.2.1. Manifest says:

   thisUpdate:
      This field contains the time when the manifest was created.  This
      field has the same format constraints as specified in [RFC5280]
      for the CRL field of the same name.  The issuer MUST ensure that
      the value of this field is more recent than any previously
      generated manifest.  Each RP MUST verify that this field value is
      greater (more recent) than the most recent manifest it has
      validated.  If this field in a purported "new" manifest is smaller
      (less recent) than previously validated manifests, the RP SHOULD
      use locally cached versions of objects, as described in
      Section 6.6.

It should say:

    thisUpdate:
      This field contains the time when the manifest was created. This
      field has the same format constraints as specified in [RFC5280]
      for the CRL field of the same name. The issuer MUST ensure that
      the value of this field is equal to the current time and higher or
      equal to the thisUpdate of any previously generated manifest. Each
      RP MUST verify that this field value is greater or equal to (as,
      or more recent) than the most recent manifest it has validated.
      Suppose this field in a purported "new" manifest is smaller (less
      recent) than previously validated manifests. In that case, the RP
      SHOULD use locally cached versions of objects, as described in
      Section 6.6.

Notes:

First of all: The previous text was not explicit that thisUpdate MUST contain the current time.

Second, in practice (e.g. multiple calls to a synchronous API) multiple manifests can be issued with the same thisUpdate. Under the previous text this would technically be misissuance. The propose text allows multiple manifests to be issued in the same second.
--VERIFIER NOTES--
Per the discussion at https://mailarchive.ietf.org/arch/msg/sidrops/nFbjWawZ8R8uulSNCRLBVARtd_s/

Report New Errata