On Nov 16, 2021, at 7:28 PM, Michael StJohns
mailto:mstjo...@comcast.net>> wrote:
id-kp-timeStampingOBJECT IDENTIFIER ::= { id-kp 8 }
-- Binding the hash of an object to a time
-- Key usage bits that may be consistent: digitalSignature
-- and/or nonRepudiation
Hm, we
On 11/16/2021 7:46 PM, Weijun Wang wrote:
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote:
There is no need to check for the KeyUsage extension when validating a TSA
certificate.
A test is modified where a TSA cert has a KeyUsage but without the
DigitalSignature bit.
Weijun Wang has
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote:
>> There is no need to check for the KeyUsage extension when validating a TSA
>> certificate.
>>
>> A test is modified where a TSA cert has a KeyUsage but without the
>> DigitalSignature bit.
>
> Weijun Wang has updated the pull request
On 11/16/2021 6:37 PM, Weijun Wang wrote:
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote:
There is no need to check for the KeyUsage extension when validating a TSA
certificate.
A test is modified where a TSA cert has a KeyUsage but without the
DigitalSignature bit.
Weijun Wang has
On 11/16/2021 5:58 PM, Michael StJohns wrote:
On 11/16/2021 4:05 PM, Weijun Wang wrote:
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote:
There is no need to check for the KeyUsage extension when validating a TSA
certificate.
A test is modified where a TSA cert has a KeyUsage but
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote:
>> There is no need to check for the KeyUsage extension when validating a TSA
>> certificate.
>>
>> A test is modified where a TSA cert has a KeyUsage but without the
>> DigitalSignature bit.
>
> Weijun Wang has updated the pull request
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote:
>> There is no need to check for the KeyUsage extension when validating a TSA
>> certificate.
>>
>> A test is modified where a TSA cert has a KeyUsage but without the
>> DigitalSignature bit.
>
> Weijun Wang has updated the pull request
On 11/16/2021 4:05 PM, Weijun Wang wrote:
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote:
There is no need to check for the KeyUsage extension when validating a TSA
certificate.
A test is modified where a TSA cert has a KeyUsage but without the
DigitalSignature bit.
Weijun Wang has
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote:
>> There is no need to check for the KeyUsage extension when validating a TSA
>> certificate.
>>
>> A test is modified where a TSA cert has a KeyUsage but without the
>> DigitalSignature bit.
>
> Weijun Wang has updated the pull request
On Tue, 16 Nov 2021 21:00:12 GMT, Weijun Wang wrote:
>> There is no need to check for the KeyUsage extension when validating a TSA
>> certificate.
>>
>> A test is modified where a TSA cert has a KeyUsage but without the
>> DigitalSignature bit.
>
> Weijun Wang has updated the pull request
> There is no need to check for the KeyUsage extension when validating a TSA
> certificate.
>
> A test is modified where a TSA cert has a KeyUsage but without the
> DigitalSignature bit.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
On 11/16/2021 2:43 PM, Weijun Wang wrote:
There is no need to check for the KeyUsage extension when validating a TSA
certificate.
A test is modified where a TSA cert has a KeyUsage but without the
DigitalSignature bit.
-
Commit messages:
- 8277246: No need to check about
On Fri, 22 Oct 2021 18:24:22 GMT, Daniel Jeliński wrote:
> The current code that changes cipher suites disposes the new suite instead of
> the old one, which usually silently fails. This patch fixes the code to
> dispose the old instance instead.
>
> DTLS appears to be unaffected:
On Wed, 3 Nov 2021 09:16:47 GMT, Daniel Jeliński wrote:
>> The current code that changes cipher suites disposes the new suite instead
>> of the old one, which usually silently fails. This patch fixes the code to
>> dispose the old instance instead.
>>
>> DTLS appears to be unaffected:
On Tue, 16 Nov 2021 19:36:11 GMT, Weijun Wang wrote:
> There is no need to check for the KeyUsage extension when validating a TSA
> certificate.
>
> A test is modified where a TSA cert has a KeyUsage but without the
> DigitalSignature bit.
There is no need to check for the KeyUsage extension when validating a TSA
certificate.
A test is modified where a TSA cert has a KeyUsage but without the
DigitalSignature bit.
-
Commit messages:
- 8277246: No need to check about KeyUsage when validating a TSA certificate
> When a signature/digest algorithm was being checked, the algorithm
> constraints checked both the signature/digest algorithm and the key to see if
> they were restricted. This caused duplicate checks and was also problematic
> for `jarsigner` (and `keytool`) which need to distinguish these
On Tue, 16 Nov 2021 01:07:55 GMT, Weijun Wang wrote:
>> When a signature/digest algorithm was being checked, the algorithm
>> constraints checked both the signature/digest algorithm and the key to see
>> if they were restricted. This caused duplicate checks and was also
>> problematic for
On Tue, 16 Nov 2021 01:41:50 GMT, Weijun Wang wrote:
> I'm feeling we should completely dump checking for algorithms and switch to
> checking algorithmIds. Even if currently it's only RSASSA-PSS, but suppose
> one day we support the SHAKE256-LEN MessageDigest algorithm and I suppose
> that
19 matches
Mail list logo
