x509-cert: Non-Repudiation set by default in builder #1281
Comments
I was not aware of the ETSI document. I believe I went with the RFC5280 at the time: https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.3
I didn't see harm in putting it. That was a mistake. I guess the
baloo added a commit to baloo/formats that referenced this issue Jan 5, 2024
I tried to abide by the ETSI policy. https://www.etsi.org/deliver/etsi_en/319400_319499/31941202/02.03.01_60/en_31941202v020301p.pdf The policy recommends to make KeyUsage bits 0, 1, (2 and/or 4) exclusive. This is meant to avoid making signing of commitments during authentication. This commit goes a bit further by making bit 2 and 4 exclusive. I don't find a use-case for requiring both at the same time (and I would think only key agreement is required). Fixes RustCrypto#1281
baloo added a commit to baloo/formats that referenced this issue Jan 17, 2024
baloo added a commit to baloo/formats that referenced this issue Jan 20, 2024
baloo added a commit to baloo/formats that referenced this issue Jan 21, 2024
This is now providing a trait to be implemented by the consumer. A number of implementations are available, including ones trying to abide by CABF Baseline Requirements. Fixes RustCrypto#1281
baloo added a commit to baloo/formats that referenced this issue Jan 21, 2024
baloo added a commit to baloo/formats that referenced this issue Jan 29, 2024
baloo added a commit to baloo/formats that referenced this issue Apr 30, 2024
baloo added a commit to baloo/formats that referenced this issue Apr 30, 2024
baloo added a commit to baloo/formats that referenced this issue Apr 30, 2024
baloo added a commit to baloo/formats that referenced this issue May 7, 2024
baloo added a commit to baloo/formats that referenced this issue May 7, 2024
baloo added a commit that referenced this issue May 13, 2024
This is now providing a trait to be implemented by the consumer. A number of implementations are available, including ones trying to abide by CABF Baseline Requirements. Fixes #1281
formats/x509-cert/src/builder.rs
Line 199 in fdb711e
Is there any special reason to enable it by default?
I understand that the ETSI advises against combining the Non-Repudiation and other key usages.
In section 4.3.2 Key usage
https://www.etsi.org/deliver/etsi_en/319400_319499/31941202/02.03.00_20/en_31941202v020300a.pdf
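
The exclusivity rule described in the commit messages on this page (KeyUsage bit 0, bit 1, and bits 2 and/or 4 kept apart), as an added example that is not part of the issue and is not x509-cert's code: it decodes a DER KeyUsage BIT STRING and rejects a mix of those groups. The function names and the sample bytes are constructed for illustration; the bit numbers are those of RFC 5280 section 4.2.1.3.

```rust
// Added illustration; not code from x509-cert. All names here are hypothetical.
// KeyUsage named bits from RFC 5280, section 4.2.1.3 (mask bit N = KeyUsage bit N).
const DIGITAL_SIGNATURE: u16 = 1 << 0;
const NON_REPUDIATION: u16 = 1 << 1;
const KEY_ENCIPHERMENT: u16 = 1 << 2;
const KEY_AGREEMENT: u16 = 1 << 4;

/// Decode a DER BIT STRING (tag 0x03, short length, 1 or 2 content bytes).
/// An empty bit string is rejected: KeyUsage must have at least one bit set.
fn decode_key_usage(der: &[u8]) -> Option<u16> {
    if der.len() < 4 || der.len() > 5 || der[0] != 0x03
        || der[1] as usize != der.len() - 2 || der[2] > 7 {
        return None;
    }
    let mut mask = 0u16;
    for (i, byte) in der[3..].iter().enumerate() {
        for bit in (0..8usize).filter(|&b| *byte & (0x80u8 >> b) != 0) {
            mask |= 1u16 << (i * 8 + bit); // ASN.1 bit 0 = MSB of first byte
        }
    }
    Some(mask)
}

/// Rejects a value that mixes the groups named in the commit message
/// (bit 0, bit 1, bits 2 and/or 4); `strict` also rejects bits 2 and 4 together.
fn check_exclusive(der: &[u8], strict: bool) -> Result<(), String> {
    let mask = decode_key_usage(der).ok_or("malformed KeyUsage BIT STRING")?;
    let both = KEY_ENCIPHERMENT | KEY_AGREEMENT;
    let mut groups = Vec::new();
    if mask & DIGITAL_SIGNATURE != 0 { groups.push("digitalSignature"); }
    if mask & NON_REPUDIATION != 0 { groups.push("nonRepudiation"); }
    if mask & both != 0 { groups.push("keyEncipherment/keyAgreement"); }
    if groups.len() > 1 {
        return Err(format!("mixed key usages: {}", groups.join(" + ")));
    }
    if strict && mask & both == both {
        return Err("keyEncipherment and keyAgreement both set".into());
    }
    Ok(())
}

fn main() {
    // Constructed sample: content byte 0xC0 with 6 unused bits = bits 0 and 1 set.
    println!("{:?}", check_exclusive(&[0x03, 0x02, 0x06, 0xC0], false));
}
```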