Merge pull request #22 from schildbach/bip70-recommend-intermediate-certs

Recommend including intermediate certificates in a BIP70 payment request.
author: Gregory Maxwell <greg@xiph.org> 2014-04-25 16:27:15 -0700
committer: Gregory Maxwell <greg@xiph.org> 2014-04-25 16:27:15 -0700
commit: cd2850fa08b4a11b6f43991c593a6ae6ec792c53 (patch)
tree: 99adc6ffd18d64eb4ea6cc2c73d856eec5003df3 /bip-0070.mediawiki
parent: 432b98240fb8ed7680af0466b080684b1dea5760 (diff)
parent: 4964569a67ea9b2ebf6ee61e5749ce6376620f90 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/bip-0070.mediawiki b/bip-0070.mediawiki
index 657b4f2..1399321 100644
--- a/bip-0070.mediawiki
+++ b/bip-0070.mediawiki
@@ -221,10 +221,11 @@ used.
 
 Each certificate is a DER [ITU.X690.1994] PKIX certificate value. The
 certificate containing the public key of the entity that digitally
-signed the PaymentRequest must be the first certificate. This MAY be
+signed the PaymentRequest must be the first certificate. This MUST be
 followed by additional certificates, with each subsequent certificate
-being the one used to certify the previous one, up to a trusted root
-authority.  The recipient must verify the certificate chain according to
+being the one used to certify the previous one, up to (but not
+including) a trusted root authority. The trusted root authority MAY be
+included. The recipient must verify the certificate chain according to
 [RFC5280] and reject the PaymentRequest if any validation failure
 occurs.
author	Gregory Maxwell <greg@xiph.org>	2014-04-25 16:27:15 -0700
committer	Gregory Maxwell <greg@xiph.org>	2014-04-25 16:27:15 -0700
commit	cd2850fa08b4a11b6f43991c593a6ae6ec792c53 (patch)
tree	99adc6ffd18d64eb4ea6cc2c73d856eec5003df3 /bip-0070.mediawiki
parent	432b98240fb8ed7680af0466b080684b1dea5760 (diff)
parent	4964569a67ea9b2ebf6ee61e5749ce6376620f90 (diff)