===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/75.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -c -r1.1 -r1.2
*** www/75.html 2024/03/02 21:23:01 1.1
--- www/75.html 2024/03/03 20:55:54 1.2
***************
*** 158,163 ****
--- 158,164 ----
...
+
Routing daemons and other userland network improvements:
***************
*** 171,179 ****
- ...
! rpki-client(8) saw some changes:
In smtpd(8),
--- 172,217 ----
...
! rpki-client(8) saw these and more changes:
! - Add ability to constrain an RPKI Trust Anchor's effective signing
! authority to a limited set of Internet numbers. This allows Relying
! Parties to enjoy the potential benefits of assuming trust, but within
! a bounded scope.
!
- Following a 'failed fetch' (described in RFC 9286), emit a warning and
! continue with a previously cached Manifest file.
!
- Emit a warning when the remote repository presents a Manifest with an
! unexpected manifestNumber.
!
- Improved CRL extension checking.
!
- Experimental support for the P-256 signature algorithm.
!
!
- A failed manifest fetch could result in a NULL pointer dereference or
! a use after free.
!
- Reject non-conforming RRDP delta elements that contain neither publish
! nor a withdraw element and fall back to the RRDP snapshot.
!
- Refactoring and minor bug fixes in the warning display functions.
!
!
- The handling of manifests fetched via rsync or RRDP was reworked to
! fully conform to RFC 9286.
!
- Fix a race condition between closing an idle connection and scheduling a
! new request on it.
!
- The evaluation time specified with -P now also applies to trust anchor
! certificates.
!
- Check that the entire CMS eContent was consumed. Previously, trailing
! data would be silently discarded on deserialization of products.
!
- In file mode do not consider overclaiming intermediate CA certificates
! as invalid. OAA warning is still issued.
!
- Print the revocation time of certificates in file mode.
!
- Be more careful when converting OpenSSL numeric identifiers (NIDs)
! to strings.
!
!
- Added support for RPKI Signed Prefix Lists.
!
- Added an -x flag to opt into parsing and evaluation of file types that are
! still considered experimental.
!
- Added a metric to track the number of new files that were moved to the
! validated cache.
!
- Ensure that the FileAndHashes list in a Manifest contains no duplicate
! file names and no duplicate hashes.
In smtpd(8),