Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8059916

Change default criticality of policy mappings and policy constraints certificate extensions

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P4 P4
    • 9
    • 9
    • security-libs
    • None

        RFC 5280 has obsoleted RFC 3280 and has updated its guidelines for the criticality of the X.509 policy mappings extension and policy constraints extensions.

        From RFC 5280:
              * Section 4.2.1.5 recommends marking the policy mappings extension
                as critical. RFC 3280 required that the policy mappings
                extension be marked as non-critical.

              * Section 4.2.1.11 requires marking the policy constraints
                extension as critical. RFC 3280 permitted the policy
                constraints extension to be marked as critical or non-critical.

        The current implementation constructs both extensions as non-critical by default. This should be changed.
         

              juh Jason Uh (Inactive)
              juh Jason Uh (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: