RFR: 8277246: No need to check about KeyUsage when validating a TSA certificate [v2]

Xuelei Fan xuelei.fan at oracle.com
Wed Nov 17 05:46:20 UTC 2021


On Nov 16, 2021, at 7:28 PM, Michael StJohns <mstjohns at comcast.net<mailto:mstjohns at comcast.net>> wrote:


   id-kp-timeStamping            OBJECT IDENTIFIER ::= { id-kp 8 }
   -- Binding the hash of an object to a time
   -- Key usage bits that may be consistent: digitalSignature
   -- and/or nonRepudiation

Hm, we may want to check it strictly in this update, by allowing nonRepudiation alternatively.

Xuelei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/security-dev/attachments/20211117/44e73ed8/attachment-0001.htm>


More information about the security-dev mailing list