[Emu] Re: [Technical Errata Reported] RFC9190 (8094)

Wed, 04 Sep 2024 10:12:04 -0700

I would argue that you're still being inaccurate.  That is the message type.  If you would rather, then you should specify that "both X509 and RawPublicKey forms of CertificateType should be supported" (those are the only two forms permitted).  A raw public key is NOT a certificate. 

Eliot

On 04.09.2024 17:37, Mohit Sethi wrote:
This should be disregarded. RPK is a TLS certificate type. See the IANA registry for TLS Certificate Types: https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3.
Specifically, TLS Certificate Type value of 2 corresponds to RPK (raw public key). In TLS, the RPK is even carried in the Certificate message. 

See RFC 8446:


enum {
    X509(0),
    RawPublicKey(2),
    (255)
} CertificateType;

struct {
    select (certificate_type) {
        case RawPublicKey:
          /* From RFC 7250 ASN.1_subjectPublicKeyInfo */
          opaque ASN1_subjectPublicKeyInfo<1..2^24-1>;

        case X509:
          opaque cert_data<1..2^24-1>;
    };
    Extension extensions<0..2^16-1>;
} CertificateEntry;

struct {
    opaque certificate_request_context<0..2^8-1>;
    CertificateEntry certificate_list<0..2^24-1>;
} Certificate;


--Mohit

On 9/4/24 18:24, RFC Errata System wrote:

The following errata report has been submitted for RFC9190,
"EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3". 

--------------------------------------
You may review the report below and at:
https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.rfc-editor.org%2Ferrata%2Feid8094&data=05%7C02%7Cmohit.sethi%40aalto.fi%7Ce3e0578f596b470ab10f08dcccf59f89%7Cae1a772440414462a6dc538cb199707e%7C1%7C0%7C638610602544992133%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=79%2BtrIbEI8hXB1TD0SxYqsAoRBTo0Wq0jMOaYSwZgjI%3D&reserved=0 

--------------------------------------
Type: Technical
Reported by: Eliot Lear <l...@lear.ch>

Section: 2.1.1

Original Text
-------------
Certificates can be of any type supported by TLS including raw
public keys.

Corrected Text
--------------
Certificates can be of any type supported by TLS. Raw public keys may
also be used.

Notes
-----
A raw public key specifically is **not** a certificate.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it
will be removed shortly by the RFC Production Center.) Please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC9190 (draft-ietf-emu-eap-tls13-21)
--------------------------------------
Title               : EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3 
Publication Date    : February 2022
Author(s)           : J. Preuß Mattsson, M. Sethi
Category            : PROPOSED STANDARD
Source              : EAP Method Update
Stream              : IETF
Verifying Party     : IESG

Attachment: OpenPGP_0x87B66B46D9D27A33.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

_______________________________________________
Emu mailing list -- emu@ietf.org
To unsubscribe send an email to emu-le...@ietf.org

Reply via email to