#79: Precertificate signature must be over something other than just the
TBSCertificate
-----------------------------+------------------------------
Reporter: rob.stradling@… | Owner: rob.stradling@…
Type: defect | Status: reopened
Priority: blocker | Milestone:
Component: rfc6962-bis | Version:
Severity: - | Resolution:
Keywords: |
-----------------------------+------------------------------
Changes (by rob.stradling@…):
* status: closed => reopened
* resolution: fixed =>
* milestone: review =>
Comment:
I recently took another look at how we're using CMS for precertificates in
6962-bis, and I found myself repeating the same misunderstandings that are
documented earlier in this ticket. Therefore, I thought it would be wise
to explain the requirements in more detail, drawing particular attention
to the RFC5652 requirement that the signedAttrs field MUST be included:
https://github.com/google/certificate-transparency-rfcs/pull/264
--
Ticket URL: <https://trac.ietf.org/trac/trans/ticket/79#comment:13>
Public Notary Transparency Wiki <https://trac.ietf.org/trac/trans>
My example project
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
