Sean Turner
2017-09-07 20:40:26 UTC
Note that this issue was discovered during IESG review of draft-turner-est-extensions. Alexey, Panos, Dan, Max, and myself worked on the wording. I’m hoping it can stew for a couple of days and then be marked as accepted.
spt
spt
The following errata report has been submitted for RFC7030,
"Enrollment over Secure Transport".
--------------------------------------
http://www.rfc-editor.org/errata/eid5108
--------------------------------------
Type: Technical
Section: 4.2.3, 4.4.2
Original Text
-------------
If the content-type is not set, the response data MUST be a plaintext
human-readable error message containing explanatory information
describing why the request was rejected (for example, indicating that
CSR attributes are incomplete).
If the content-type is not set, the response data MUST be a plaintext
human-readable error message.
Corrected Text
--------------
If the content-type is not set, the response data must be a plaintext
human-readable error message containing explanatory information
describing why the request was rejected (for example, indicating that
CSR attributes are incomplete). Servers MAY use the "text/plain”
content-type [RFC2046] for human-readable errors.
If the content-type is not set, the response data must be a plaintext
human-readable error message. Servers MAY use the "text/plain”
content-type [RFC2046] for human-readable errors.
Notes
-----
The current text is somewhat unclear as to what content-type needs to be used for the human-readable error. There are many human-readable content-types, but "text/plain" seems to be the most sensible.
Note that the MUST was reduced to a must because no content-type is specified.
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.
--------------------------------------
RFC7030 (draft-ietf-pkix-est-09)
--------------------------------------
Title : Enrollment over Secure Transport
Publication Date : October 2013
Author(s) : M. Pritikin, Ed., P. Yee, Ed., D. Harkins, Ed.
Category : PROPOSED STANDARD
Source : Public-Key Infrastructure (X.509)
Area : Security
Stream : IETF
Verifying Party : IESG
"Enrollment over Secure Transport".
--------------------------------------
http://www.rfc-editor.org/errata/eid5108
--------------------------------------
Type: Technical
Section: 4.2.3, 4.4.2
Original Text
-------------
If the content-type is not set, the response data MUST be a plaintext
human-readable error message containing explanatory information
describing why the request was rejected (for example, indicating that
CSR attributes are incomplete).
If the content-type is not set, the response data MUST be a plaintext
human-readable error message.
Corrected Text
--------------
If the content-type is not set, the response data must be a plaintext
human-readable error message containing explanatory information
describing why the request was rejected (for example, indicating that
CSR attributes are incomplete). Servers MAY use the "text/plain”
content-type [RFC2046] for human-readable errors.
If the content-type is not set, the response data must be a plaintext
human-readable error message. Servers MAY use the "text/plain”
content-type [RFC2046] for human-readable errors.
Notes
-----
The current text is somewhat unclear as to what content-type needs to be used for the human-readable error. There are many human-readable content-types, but "text/plain" seems to be the most sensible.
Note that the MUST was reduced to a must because no content-type is specified.
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.
--------------------------------------
RFC7030 (draft-ietf-pkix-est-09)
--------------------------------------
Title : Enrollment over Secure Transport
Publication Date : October 2013
Author(s) : M. Pritikin, Ed., P. Yee, Ed., D. Harkins, Ed.
Category : PROPOSED STANDARD
Source : Public-Key Infrastructure (X.509)
Area : Security
Stream : IETF
Verifying Party : IESG