diff options
author | Andreas Schildbach <andreas@schildbach.de> | 2014-03-01 00:03:02 +0100 |
---|---|---|
committer | Andreas Schildbach <andreas@schildbach.de> | 2014-04-13 12:19:08 +0200 |
commit | 4964569a67ea9b2ebf6ee61e5749ce6376620f90 (patch) | |
tree | 3ffc32b705d685b092950d62936ca64059bc7ef2 | |
parent | e196a4a7d0171d499fa496078526b7479db22d18 (diff) | |
download | bips-4964569a67ea9b2ebf6ee61e5749ce6376620f90.tar.xz |
Require including intermediate certificates in a BIP70 payment request.
-rw-r--r-- | bip-0070.mediawiki | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/bip-0070.mediawiki b/bip-0070.mediawiki index 3e861db..0bf10e2 100644 --- a/bip-0070.mediawiki +++ b/bip-0070.mediawiki @@ -221,10 +221,11 @@ used. Each certificate is a DER [ITU.X690.1994] PKIX certificate value. The certificate containing the public key of the entity that digitally -signed the PaymentRequest must be the first certificate. This MAY be +signed the PaymentRequest must be the first certificate. This MUST be followed by additional certificates, with each subsequent certificate -being the one used to certify the previous one, up to a trusted root -authority. The recipient must verify the certificate chain according to +being the one used to certify the previous one, up to (but not +including) a trusted root authority. The trusted root authority MAY be +included. The recipient must verify the certificate chain according to [RFC5280] and reject the PaymentRequest if any validation failure occurs. |