From: Theo Buehler <tb@theobuehler.org>
Subject: Re: rpki-client: mandate presence of CMS signing-time and disallow binary-signing-time
To: Job Snijders <job@openbsd.org>
Cc: tech@openbsd.org
Date: Sun, 21 Apr 2024 09:13:47 +0200

On Sat, Apr 20, 2024 at 11:52:45PM +0000, Job Snijders wrote:
> Dear all,
> 
> For the last 13 months, rpki-client would've emitted a warning if the
> CMS signing-time attribute were to be missing from a RPKI Signed Object,
> and if the binary-signing-time attribute were to be present. A
> retrospective based on rpkiviews.org data from June 2022 onwards
> indicates neither condition ever existed in recent years.
> 
> RFC-to-be draft-ietf-sidrops-cms-signing-time updates RFC 6488 by
> mandating the presence of the CMS signing-time attribute and disallowing
> the use of the CMS binary-signing-time attribute. There was consensus in
> SIDROPS for some time now, and - as of this week - also approval from the
> IESG for RFC publication of this internet-draft.
> 
> I think it is time to flip from warning to fatal error.

Yes.

ok tb
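
The rule this thread makes fatal, as an added example (not the rpki-client patch, which does not appear on this page): a walk over DER-encoded signedAttrs that rejects the object when signing-time is missing or binary-signing-time is present. It assumes the attributes are given in their SET OF form (tag 0x31); the function names and the sample bytes are constructed for illustration.

```c
#include <string.h>

static const unsigned char st_oid[] =	/* signing-time: 1.2.840.113549.1.9.5 */
    { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x05 };
static const unsigned char bst_oid[] =	/* binary-signing-time: 1.2.840.113549.1.9.16.2.46 */
    { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x2e };

/* Constructed sample: SET { signing-time = UTCTime "240421071347Z" }. */
static const unsigned char sample_ok[] = {
	0x31, 0x1e, 0x30, 0x1c, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
	0x0d, 0x01, 0x09, 0x05, 0x31, 0x0f, 0x17, 0x0d, '2', '4', '0', '4',
	'2', '1', '0', '7', '1', '3', '4', '7', 'Z' };

/* Check one DER header; return a pointer to its value, NULL if malformed. */
static const unsigned char *
der_hdr(const unsigned char *p, const unsigned char *end, int tag, size_t *len)
{
	if (end - p < 2 || *p++ != tag)
		return NULL;
	*len = *p++;
	if (*len == 0x81 && p < end)	/* long form, lengths up to 255 */
		*len = *p++;
	else if (*len & 0x80)		/* longer forms: not handled here */
		return NULL;
	return *len <= (size_t)(end - p) ? p : NULL;
}

/* Example check, not rpki-client code: 1 = acceptable, 0 = reject. */
int
signed_attrs_ok(const unsigned char *der, size_t derlen)
{
	const unsigned char *p, *oid, *end = der + derlen;
	size_t len, olen;
	int have_st = 0;
	if ((p = der_hdr(der, end, 0x31, &len)) == NULL || p + len != end)
		return 0;
	while (p < end) {
		if ((oid = der_hdr(p, end, 0x30, &len)) == NULL)
			return 0;
		p = oid + len;		/* start of the next Attribute */
		if ((oid = der_hdr(oid, p, 0x06, &olen)) == NULL)
			return 0;
		if (olen == sizeof(bst_oid) && memcmp(oid, bst_oid, olen) == 0)
			return 0;	/* binary-signing-time: fatal */
		if (olen == sizeof(st_oid) && memcmp(oid, st_oid, olen) == 0)
			have_st = 1;
	}
	return have_st;			/* missing signing-time: fatal */
}
```

The walk only inspects attribute types; the attribute values and the DER ordering of the SET are left to the CMS library.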