Require including intermediate certificates in a BIP70 payment request.

author: Andreas Schildbach <andreas@schildbach.de> 2014-03-01 00:03:02 +0100
committer: Andreas Schildbach <andreas@schildbach.de> 2014-04-13 12:19:08 +0200
commit: 4964569a67ea9b2ebf6ee61e5749ce6376620f90 (patch)
tree: 3ffc32b705d685b092950d62936ca64059bc7ef2 /bip-0070.mediawiki
parent: e196a4a7d0171d499fa496078526b7479db22d18 (diff)
download: bips-4964569a67ea9b2ebf6ee61e5749ce6376620f90.tar.xz
1 files changed, 4 insertions, 3 deletions
diff --git a/bip-0070.mediawiki b/bip-0070.mediawiki
index 3e861db..0bf10e2 100644
--- a/bip-0070.mediawiki
+++ b/bip-0070.mediawiki
@@ -221,10 +221,11 @@ used.
 
 Each certificate is a DER [ITU.X690.1994] PKIX certificate value. The
 certificate containing the public key of the entity that digitally
-signed the PaymentRequest must be the first certificate. This MAY be
+signed the PaymentRequest must be the first certificate. This MUST be
 followed by additional certificates, with each subsequent certificate
-being the one used to certify the previous one, up to a trusted root
-authority.  The recipient must verify the certificate chain according to
+being the one used to certify the previous one, up to (but not
+including) a trusted root authority. The trusted root authority MAY be
+included. The recipient must verify the certificate chain according to
 [RFC5280] and reject the PaymentRequest if any validation failure
 occurs.
author	Andreas Schildbach <andreas@schildbach.de>	2014-03-01 00:03:02 +0100
committer	Andreas Schildbach <andreas@schildbach.de>	2014-04-13 12:19:08 +0200
commit	4964569a67ea9b2ebf6ee61e5749ce6376620f90 (patch)
tree	3ffc32b705d685b092950d62936ca64059bc7ef2 /bip-0070.mediawiki
parent	e196a4a7d0171d499fa496078526b7479db22d18 (diff)
download	bips-4964569a67ea9b2ebf6ee61e5749ce6376620f90.tar.xz