RFR: 8277246: No need to check about KeyUsage when validating a TSA certificate [v2]
Xuelei Fan
xuelei.fan at oracle.com
Wed Nov 17 05:46:20 UTC 2021
On Nov 16, 2021, at 7:28 PM, Michael StJohns <mstjohns at comcast.net<mailto:mstjohns at comcast.net>> wrote:
id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
-- Binding the hash of an object to a time
-- Key usage bits that may be consistent: digitalSignature
-- and/or nonRepudiation
Hm, we may want to check it strictly in this update, by allowing nonRepudiation alternatively.
Xuelei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20211117/44e73ed8/attachment.htm>
More information about the security-dev
mailing list