===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/75.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- www/75.html 2024/03/02 21:23:01 1.1
+++ www/75.html 2024/03/03 20:55:54 1.2
@@ -158,6 +158,7 @@
...
+
Routing daemons and other userland network improvements:
- rpki-client(8) saw some changes:
+ rpki-client(8) saw these and more changes:
- - ...
+
- Add ability to constrain an RPKI Trust Anchor's effective signing
+ authority to a limited set of Internet numbers. This allows Relying
+ Parties to enjoy the potential benefits of assuming trust, but within
+ a bounded scope.
+
- Following a 'failed fetch' (described in RFC 9286), emit a warning and
+ continue with a previously cached Manifest file.
+
- Emit a warning when the remote repository presents a Manifest with an
+ unexpected manifestNumber.
+
- Improved CRL extension checking.
+
- Experimental support for the P-256 signature algorithm.
+
+
- A failed manifest fetch could result in a NULL pointer dereference or
+ a use after free.
+
- Reject non-conforming RRDP delta elements that contain neither publish
+ nor a withdraw element and fall back to the RRDP snapshot.
+
- Refactoring and minor bug fixes in the warning display functions.
+
+
- The handling of manifests fetched via rsync or RRDP was reworked to
+ fully conform to RFC 9286.
+
- Fix a race condition between closing an idle connection and scheduling a
+ new request on it.
+
- The evaluation time specified with -P now also applies to trust anchor
+ certificates.
+
- Check that the entire CMS eContent was consumed. Previously, trailing
+ data would be silently discarded on deserialization of products.
+
- In file mode do not consider overclaiming intermediate CA certificates
+ as invalid. OAA warning is still issued.
+
- Print the revocation time of certificates in file mode.
+
- Be more careful when converting OpenSSL numeric identifiers (NIDs)
+ to strings.
+
+
- Added support for RPKI Signed Prefix Lists.
+
- Added an -x flag to opt into parsing and evaluation of file types that are
+ still considered experimental.
+
- Added a metric to track the number of new files that were moved to the
+ validated cache.
+
- Ensure that the FileAndHashes list in a Manifest contains no duplicate
+ file names and no duplicate hashes.
In smtpd(8),
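Review bot: the entry "A failed manifest fetch could result in a NULL pointer dereference or a use after free." describes the defect but never says it was fixed, unlike the neighbouring entries that open with the action taken (Reject, Check, Ensure). Suggest rewording it as "Fixed a NULL pointer dereference or use after free that could follow a failed manifest fetch." so a reader scanning the release notes does not take it for a known open issue. Two smaller wording points in the same list: "contain neither publish nor a withdraw element" should read "neither a publish nor a withdraw element", and "OAA warning is still issued." uses an abbreviation the list never expands and drops the article; spell it out on first use or tie it to the "overclaiming" wording in the preceding sentence.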