CVSROOT: /cvs
Module name: src
Changes by: j...@cvs.openbsd.org 2023/04/14 18:39:08
Modified files:
usr.sbin/rpki-client: cert.c
Log message:
Disallow issuer and subject unique identifiers
In 1992, the ITU-T - through X.509 version 2 - introduced subject and
issuer unique identifier fields to handle the possibility of reuse
of subject and/or issuer names over time. However, the standing
recommendation is that names not be reused for different entities and
that Internet certificates not make use of unique identifiers.
Conforming RPKI CAs will never issue certificates with unique identifiers.
OK tb@ claudio@
