RFC Errata
Found 1 record.
Status: Reported (1)
RFC 9679, "CBOR Object Signing and Encryption (COSE) Key Thumbprint", December 2024
Source of RFC: cose (sec)
Errata ID: 8390
Status: Reported
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Carsten Bormann
Date Reported: 2025-04-22
Section 5.4 says:
as the "x5t" (X.509 certificate SHA-1 thumbprint) [RFC9360] value defined for X.509 certificate objects does.
It should say:
as the "x5t" (X.509 certificate thumbprint) [RFC9360] value defined for X.509 certificate objects does.
Notes:
The hash function name "SHA-1" is spurious here.
RFC 9360 calls "x5t" a "Hash of an X.509 certificate" or goes into more detail by saying "x5t:
This header parameter identifies the end-entity X.509 certificate by a hash value (a thumbprint). ".
So calling "x5t" an "X.509 certificate thumbprint" is not wrong.
However, there is nothing in RFC 9360 about SHA-1, and SHA-1 is outdated enough that this misreference borders on a technical mistake.