Dear all,

For the last 13 months, rpki-client would've emitted a warning if the
CMS signing-time attribute were to be missing from a RPKI Signed Object,
and if the binary-signing-time attribute were to be present. A
retrospective based on rpkiviews.org data from June 2022 onwards
indicates neither condition ever existed in recent years.

RFC-to-be draft-ietf-sidrops-cms-signing-time updates RFC 6488 by
mandating the presence of the CMS signing-time attribute and disallowing
the use of the CMS binary-signing-time attribute. There was consensus in
SIDROPS for time now, and - as of this week - also approval from the
IESG for RFC publication of this internet-draft.

I think it is time to flip from warning to fatal error.

We'll need to part ways with the RSC test file
c6938fc00af6496d9d4e6e2d876e4b4811887b60f4f1bc9cd0b3cdb7c57c6d5e.sig in
regress, which lacks the CMS signing-time attribute.

OK?

Index: x509.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/x509.c,v
diff -u -p -r1.86 x509.c
--- x509.c	3 Apr 2024 04:20:13 -0000	1.86
+++ x509.c	20 Apr 2024 23:22:56 -0000
@@ -39,7 +39,6 @@ ASN1_OBJECT	*bgpsec_oid;	/* id-kp-bgpsec
 ASN1_OBJECT	*cnt_type_oid;	/* pkcs-9 id-contentType */
 ASN1_OBJECT	*msg_dgst_oid;	/* pkcs-9 id-messageDigest */
 ASN1_OBJECT	*sign_time_oid;	/* pkcs-9 id-signingTime */
-ASN1_OBJECT	*bin_sign_time_oid;	/* pkcs-9 id-aa-binarySigningTime */
 ASN1_OBJECT	*rsc_oid;	/* id-ct-signedChecklist */
 ASN1_OBJECT	*aspa_oid;	/* id-ct-ASPA */
 ASN1_OBJECT	*tak_oid;	/* id-ct-SignedTAL */
@@ -97,10 +96,6 @@ static const struct {
 	{
 		.oid = "1.2.840.113549.1.9.5",
 		.ptr = &sign_time_oid,
-	},
-	{
-		.oid = "1.2.840.113549.1.9.16.2.46",
-		.ptr = &bin_sign_time_oid,
 	},
 	{
 		.oid = "1.2.840.113549.1.9.16.1.47",
Index: cms.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
diff -u -p -r1.42 cms.c
--- cms.c	1 Feb 2024 15:11:38 -0000	1.42
+++ cms.c	20 Apr 2024 23:22:56 -0000
@@ -30,7 +30,6 @@
 extern ASN1_OBJECT	*cnt_type_oid;
 extern ASN1_OBJECT	*msg_dgst_oid;
 extern ASN1_OBJECT	*sign_time_oid;
-extern ASN1_OBJECT	*bin_sign_time_oid;
 
 static int
 cms_extract_econtent(const char *fn, CMS_ContentInfo *cms, unsigned char **res,
@@ -108,8 +107,7 @@ cms_parse_validate_internal(X509 **xp, c
 	EVP_PKEY			*pkey;
 	X509_ALGOR			*pdig, *psig;
 	int				 i, nattrs, nid;
-	int				 has_ct = 0, has_md = 0, has_st = 0,
-					 has_bst = 0;
+	int				 has_ct = 0, has_md = 0, has_st = 0;
 	time_t				 notafter;
 	int				 rc = 0;
 
@@ -218,12 +216,6 @@ cms_parse_validate_internal(X509 **xp, c
 			}
 			if (!cms_get_signtime(fn, attr, signtime))
 				goto out;
-		} else if (OBJ_cmp(obj, bin_sign_time_oid) == 0) {
-			if (has_bst++ != 0) {
-				warnx("%s: RFC 6488: duplicate "
-				    "signed attribute", fn);
-				goto out;
-			}
 		} else {
 			OBJ_obj2txt(buf, sizeof(buf), obj, 1);
 			warnx("%s: RFC 6488: "
@@ -239,11 +231,11 @@ cms_parse_validate_internal(X509 **xp, c
 		goto out;
 	}
 
-	if (has_bst)
-		warnx("%s: unsupported CMS signing-time attribute", fn);
-
-	if (!has_st)
+	if (!has_st) {
+		/* RFC-to-be draft-ietf-sidrops-cms-signing-time */
 		warnx("%s: missing CMS signing-time attribute", fn);
+		goto out;
+	}
 
 	if (CMS_unsigned_get_attr_count(si) != -1) {
 		warnx("%s: RFC 6488: CMS has unsignedAttrs", fn);