This seems correct to me. I would mark it Verified. On Thu, Jul 13, 2023 at 12:19 PM RFC Errata System < rfc-edi...@rfc-editor.org> wrote:
> The following errata report has been submitted for RFC8555, > "Automatic Certificate Management Environment (ACME)". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid7565 > > -------------------------------------- > Type: Technical > Reported by: Paul Breed <p...@rasdoc.com> > > Section: 8.1 > > Original Text > ------------- > The "Thumbprint" step indicates the computation specified in > [RFC7638], using the SHA-256 digest [FIPS180-4]. As noted in > [RFC7518] any prepended zero octets in the fields of a JWK object > MUST be stripped before doing the computation. > > Corrected Text > -------------- > The "Thumbprint" step indicates the computation specified in > [RFC7638], using the SHA-256 digest [FIPS180-4]. As noted in > [RFC7518] any additional prepended zero octets in the fields of a JWK > object > MUST be stripped before doing the computation. > Fixed length fields such as found in ECDSA keys should be their natural > length and > leading zero octets should not be stripped. > > Notes > ----- > This comment was really aimed at the leading 0 octet sometimes used with > RSA, but the comment is not RSA specific. ECDSA keys can have fixed length > fields (X,Y) where there can be leading zeros. This led me astray in > implementing an ECDSA thumbprint routine for ACME. The result was that > 1/128 ECDSA keys failed to generate t humbp[rint as leading zeros were > removed. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC8555 (draft-ietf-acme-acme-18) > -------------------------------------- > Title : Automatic Certificate Management Environment (ACME) > Publication Date : March 2019 > Author(s) : R. Barnes, J. Hoffman-Andrews, D. McCarney, J. Kasten > Category : PROPOSED STANDARD > Source : Automated Certificate Management Environment > Area : Security > Stream : IETF > Verifying Party : IESG >
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
