Please mark this as verified.

thanks,
Deb Cooley

On Tue, Jul 18, 2023 at 7:27 PM Paul Breed <p...@rasdoc.com> wrote:

> RFC7518 is pretty clear.
> Maybe the correct action is just to remove the comment in its entirety.
>
> On Thu, Jul 13, 2023 at 4:09 PM Corey Bonnell <corey.bonn...@digicert.com> wrote:
>
>> “Fixed length fields such as found in ECDSA keys should be their natural length and
>> leading zero octets should not be stripped.”
>>
>> I would consider strengthening this to say MUST/MUST NOT instead of
>> “should” to avoid any ambiguity that there is no allowance for stripping
>> leading zero octets.
>>
>> Thanks,
>>
>> Corey
>>
>> *From:* Acme <acme-boun...@ietf.org> *On Behalf Of* Richard Barnes
>> *Sent:* Thursday, July 13, 2023 12:38 PM
>> *To:* RFC Errata System <rfc-edi...@rfc-editor.org>
>> *Cc:* j...@eff.org; c...@letsencrypt.org; jdkas...@umich.edu; r...@cert.org;
>> paul.wout...@aiven.io; deco...@radium.ncsc.mil; debcool...@gmail.com;
>> ynir.i...@gmail.com; p...@rasdoc.com; acme@ietf.org
>> *Subject:* Re: [Acme] [Technical Errata Reported] RFC8555 (7565)
>>
>> This seems correct to me. I would mark it Verified.
>>
>> On Thu, Jul 13, 2023 at 12:19 PM RFC Errata System <rfc-edi...@rfc-editor.org> wrote:
>>
>> The following errata report has been submitted for RFC8555,
>> "Automatic Certificate Management Environment (ACME)".
>>
>> --------------------------------------
>> You may review the report below and at:
>> https://www.rfc-editor.org/errata/eid7565
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: Paul Breed <p...@rasdoc.com>
>>
>> Section: 8.1
>>
>> Original Text
>> -------------
>> The "Thumbprint" step indicates the computation specified in
>> [RFC7638], using the SHA-256 digest [FIPS180-4]. As noted in
>> [RFC7518] any prepended zero octets in the fields of a JWK object
>> MUST be stripped before doing the computation.
>>
>> Corrected Text
>> --------------
>> The "Thumbprint" step indicates the computation specified in
>> [RFC7638], using the SHA-256 digest [FIPS180-4]. As noted in
>> [RFC7518] any additional prepended zero octets in the fields of a JWK object
>> MUST be stripped before doing the computation.
>> Fixed length fields such as found in ECDSA keys should be their natural length and
>> leading zero octets should not be stripped.
>>
>> Notes
>> -----
>> This comment was really aimed at the leading 0 octet sometimes used with
>> RSA, but the comment is not RSA specific. ECDSA keys can have fixed length
>> fields (X,Y) where there can be leading zeros. This led me astray in
>> implementing an ECDSA thumbprint routine for ACME. The result was that
>> 1/128 ECDSA keys failed to generate thumbprint as leading zeros were
>> removed.
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party
>> can log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC8555 (draft-ietf-acme-acme-18)
>> --------------------------------------
>> Title            : Automatic Certificate Management Environment (ACME)
>> Publication Date : March 2019
>> Author(s)        : R. Barnes, J. Hoffman-Andrews, D. McCarney, J. Kasten
>> Category         : PROPOSED STANDARD
>> Source           : Automated Certificate Management Environment
>> Area             : Security
>> Stream           : IETF
>> Verifying Party  : IESG

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
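
Added example (not part of the thread and not code from any participant): the RFC 7638 SHA-256 thumbprint of an EC JWK with fixed-length coordinates, beside the same key with leading zero octets stripped as described in the erratum notes. The coordinate values are constructed and are not a real key; the function names are illustrative.

```python
import base64
import hashlib
import json

# Coordinate size in octets per curve (RFC 7518, section 6.2.1.2).
COORD_LEN = {"P-256": 32, "P-384": 48, "P-521": 66}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def ec_jwk(crv: str, x: int, y: int, strip_zeros: bool = False) -> dict:
    """Build an EC public JWK; strip_zeros=True reproduces the bug."""
    def enc(n: int) -> str:
        raw = n.to_bytes(COORD_LEN[crv], "big")  # fixed, natural length
        if strip_zeros:
            raw = raw.lstrip(b"\x00") or b"\x00"
        return b64url(raw)
    return {"kty": "EC", "crv": crv, "x": enc(x), "y": enc(y)}

def coords_full_length(jwk: dict) -> bool:
    """Check that x and y are exactly the curve's coordinate size."""
    want = COORD_LEN[jwk["crv"]]
    return all(len(b64url_decode(jwk[k])) == want for k in ("x", "y"))

def thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members, sorted, no whitespace."""
    required = {k: jwk[k] for k in ("crv", "kty", "x", "y")}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

# Constructed sample values (not a real key): x has a leading zero octet.
X = int("00" + "a1" * 31, 16)
Y = int("5c" * 32, 16)
GOOD = ec_jwk("P-256", X, Y)
BAD = ec_jwk("P-256", X, Y, strip_zeros=True)

if __name__ == "__main__":
    # The two thumbprints differ, so key authorizations built from BAD
    # would not match what a conforming peer computes from the same key.
    print("fixed   ", coords_full_length(GOOD), thumbprint(GOOD))
    print("stripped", coords_full_length(BAD), thumbprint(BAD))
```

Running `coords_full_length` on a JWK before computing or accepting its thumbprint catches the stripped encoding on every key, not only the affected fraction.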