[Acme] [Technical Errata Reported] RFC8555 (7565)

Thu, 13 Jul 2023 13:31:18 -0700 

The following errata report has been submitted for RFC8555,
"Automatic Certificate Management Environment (ACME)".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7565

--------------------------------------
Type: Technical
Reported by: Paul Breed <p...@rasdoc.com>

Section: 8.1

Original Text
-------------
 The "Thumbprint" step indicates the computation specified in
   [RFC7638], using the SHA-256 digest [FIPS180-4].  As noted in
   [RFC7518] any prepended zero octets in the fields of a JWK object
   MUST be stripped before doing the computation.

Corrected Text
--------------
The "Thumbprint" step indicates the computation specified in
   [RFC7638], using the SHA-256 digest [FIPS180-4].  As noted in
   [RFC7518] any additional prepended zero octets in the fields of a JWK object
   MUST be stripped before doing the computation.  
   Fixed length fields such as found in ECDSA keys should be their natural 
length and 
   leading zero octets should not be stripped.

Notes
-----
This comment was really aimed at the leading 0 octet sometimes used with RSA, 
but the comment is not RSA specific. ECDSA keys can have fixed length fields 
(X,Y) where there can be leading zeros.  This led me astray in implementing an 
ECDSA thumbprint routine for ACME. The result was that 1/128 ECDSA keys failed 
to generate t humbp[rint as leading zeros were removed.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC8555 (draft-ietf-acme-acme-18)
--------------------------------------
Title               : Automatic Certificate Management Environment (ACME)
Publication Date    : March 2019
Author(s)           : R. Barnes, J. Hoffman-Andrews, D. McCarney, J. Kasten
Category            : PROPOSED STANDARD
Source              : Automated Certificate Management Environment
Area                : Security
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme

Reply via email to