Found 2 records.

Status: Reported (1)

RFC 8295, "EST (Enrollment over Secure Transport) Extensions", January 2018

Errata ID: 7626
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Piotr Popis
Date Reported: 2023-09-04

Section 2.1.1. says:

0007 Start DS certificate enrollment: Indicates that the client needs
        to begin enrolling its DS certificate.  The PAL entry points to
        a /simpleenroll URI, which is defined in [RFC7030].

It should say:

0007 Start DS certificate enrollment: Indicates that the client needs
        to begin enrolling its DS certificate.  The PAL entry points to
        a /simpleenroll or a /fullcmc URI, both of which are defined in     [RFC7030].

Notes:

Without this change and taking the 0006 definition into consideration, one might assume that a Simple PKI Request doesn't require the /csrattrs URI to be done beforehand, but the enrollment with a Full PKI Request must be preceded by the /csrattrs URI, which is not required - see the rest of the document, especially Section 9 and [RFC7030].

Status: Held for Document Update (1)

RFC 8295, "EST (Enrollment over Secure Transport) Extensions", January 2018

Errata ID: 8439
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Russ Housley
Date Reported: 2025-05-29
Held for Document Update by: Paul Wouters
Date Held: 2025-06-04

Section Appendix B says:

   The ContentInfo is a PKIData:

     PKIData ::= SEQUENCE {
       reqSequence        SEQUENCE SIZE(0..MAX) OF TaggedRequest
       }

It should say:

   The ContentInfo is a PKIData:

     ct-PKIData CONTENT-TYPE ::=
       { PKIData IDENTIFIED BY id-cct-PKIData }

     id-cct-PKIData OBJECT IDENTIFIER ::= { iso(1)
       identified-organization(3) dod(6) internet(1) security(5)
       mechanisms(5) pkix(7) cct(12) 2 }

     PKIData ::= SEQUENCE {
       reqSequence        SEQUENCE SIZE(0..MAX) OF TaggedRequest
       }

Notes:

Make it clear which object identifier is associated with PIKData.

Report New Errata