RFC 9618
Updates to X.509 Policy Validation, August 2024
- Status: PROPOSED STANDARD
- Updates: RFC 5280
- Author: D. Benjamin
- Stream: IETF
- Source: lamps (sec)
DOI: https://doi.org/10.17487/RFC9618
Discuss this RFC: Send questions or comments to the mailing list spasm@ietf.org
Abstract
This document updates RFC 5280 to replace the algorithm for X.509 policy validation with an equivalent, more efficient algorithm. The original algorithm built a structure that scaled exponentially in the worst case, leaving implementations vulnerable to denial-of-service attacks.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.