From 9c57bc5542b9ea29daf089e2a24eded1811f47af Mon Sep 17 00:00:00 2001 From: Job Snijders Date: Wed, 20 Dec 2023 12:59:47 +0000 Subject: [PATCH] Add 8.7 changelog --- CHANGELOG | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 8a4a139..b4ca7d4 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,40 @@ +Version 8.7 - Dec 20th, 2023 +============================ + +- Introduction of an ability to constrain a RPKI Trust Anchor's + effective signing authority to a limited set of Internet numbers. This + allows Relying Parties to enjoy the potential benefits of assuming + trust, but within a bounded scope. This distribution includes curated + constraints files. More information: + https://datatracker.ietf.org/doc/html/draft-snijders-constraining-rpki-trust-anchors + +- Following a 'failed fetch' (described in RFC 9286), emit a warning and + continue with a previously cached Manifest file, iff present & still + valid. + +- Emit a warning when the same manifestNumber is re-used across multiple + issuances. + +- Emit a warning when the remote repository presents a Manifest with an + unexpected manifestNumber. Purported new manifests are expected to + have a higher manifestNumber than previously validated manifests. If + the purported new manifest contains a manifestNumber value equal to or + lower than the manifestNumber of the previously validated & cached + manifest, the previously cached Manifest file is used. This warning + can be indicative of manifest replays or out-of-order publishing. + +- Require RPKI object files to be of a minimum of 100 bytes in both the + RRDP and RSYNC transports. + +- No longer synchronize directory modtimes in the local cache to align + with remote RSYNC repository sources. + +- Improved CRL extension checking. + +- Experimental support for the P-256 signature algorithm was added. + +- Various refactoring work. + Version 8.6 - Oct 4th, 2023 ==============================
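Review bot: The "Require RPKI object files to be of a minimum of 100 bytes" entry does not say what happens to a file below that size, unlike the manifest entries above it, which spell out both the warning and the fallback to the previously cached Manifest. Please state the outcome for undersized objects so operators know what to expect. The two manifestNumber entries also overlap: one warns when the same manifestNumber is re-used across issuances, the other treats a value "equal to or lower than" the cached one as unexpected and falls back to the cache, so a sentence on how the two cases differ would help. The "Experimental support for the P-256 signature algorithm" and "Improved CRL extension checking" entries give no detail on scope or how the feature is enabled; a short qualifier on each would make them actionable. Wording nits: "a RPKI" should be "an RPKI", and "iff present & still valid" reads more clearly in a changelog as "if and only if it is present and still valid".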