-
When implementing a crypto provider only for signature, I'm obligated to add a direct dependency to `webpki` in order to benefit from the constant of the [webpki::alg_id] module. The rustls' verify …
-
https://github.com/cyberphone/json-canonicalization/blob/dc406ceaf94b5fa554fcabb92c091089c2357e83/go/src/webpki.org/jsoncanonicalizer/jsoncanonicalizer.go#L237
This method does not work for uint64 …
-
Hello:
Is there any plan to have an official release published in this git repo, so that, say, a user can download a pre-built jar file (i.e. library/dist/webpki.org-libext-*.jar) instead of doing local compilation?…
-
There are many places where an AlgorithmIdentifier can be specified either without parameters or with NULL parameters. See [RFC 8017](https://tools.ietf.org/html/rfc8017). In fact, it appears that t…
-
You've listed *ring* in the TLS/SSL section, but it actually provides many of the same crypto primitives (AEADs, hashes, signatures) as the RustCrypto crates, so maybe that should be more clearly expl…
-
Remove the following signature algorithms:
- ECDSA_P256_SHA1
- ECDSA_P384_SHA1
- RSA_PKCS1_2048_8192_SHA1
Mozilla, Microsoft, and Google are all planning to turn off SHA-1 support on 2017-1-1 or 2017…
-
This was reported by Gregor Kopf for Cure53. Thanks Gregor!
RFC 5280 has this to say about IP address name constraints:
> For IPv4 addresses, the iPAddress field of GeneralName MUST contain eigh…
-
See #64, #67, #68, and #70 for background. Basically when a TLS terminator is doing TLS for a lot of different hostnames, it will have a lot of certificates to manage. In #64 @Geal mentioned that he h…
-
I don't see a way to get an email address out of a certificate's subject_alternate_name. Is that something that webpki could support? I think this is related to #64.
I have client certificates …
-
If a 3rd party repo was hosting the ICA list for WebPKI, then we could limit outages because
- all clients would have the same version (assuming within time interval).
- servers could check if the…