From 4964569a67ea9b2ebf6ee61e5749ce6376620f90 Mon Sep 17 00:00:00 2001 From: Andreas Schildbach Date: Sat, 1 Mar 2014 00:03:02 +0100 Subject: Require including intermediate certificates in a BIP70 payment request. --- bip-0070.mediawiki | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'bip-0070.mediawiki') diff --git a/bip-0070.mediawiki b/bip-0070.mediawiki index 3e861db..0bf10e2 100644 --- a/bip-0070.mediawiki +++ b/bip-0070.mediawiki @@ -221,10 +221,11 @@ used. Each certificate is a DER [ITU.X690.1994] PKIX certificate value. The certificate containing the public key of the entity that digitally -signed the PaymentRequest must be the first certificate. This MAY be +signed the PaymentRequest must be the first certificate. This MUST be followed by additional certificates, with each subsequent certificate -being the one used to certify the previous one, up to a trusted root -authority. The recipient must verify the certificate chain according to +being the one used to certify the previous one, up to (but not +including) a trusted root authority. The trusted root authority MAY be +included. The recipient must verify the certificate chain according to [RFC5280] and reject the PaymentRequest if any validation failure occurs. -- cgit v1.2.3
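Review bot: the new sentence "This MUST be followed by additional certificates" has no exception for a signing certificate issued directly by a trusted root, where there are no intermediates to include. A sender in that position cannot satisfy the MUST as written. Suggest tying the requirement to what is needed, for example "This MUST be followed by every intermediate certificate required to build the chain, each one certifying the previous one, up to (but not including) a trusted root authority." On the added "The trusted root authority MAY be included", it would also help to say that a root supplied in the message is not a trust anchor in its own right, and that the recipient still validates against its own set of trusted roots under [RFC5280]. Minor style point: the hunk now mixes the uppercase MUST and MAY with the lowercase "must" in "must be the first certificate" and "The recipient must verify", so the normative force of the lowercase ones is unclear.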