CHANGES.txt

Revision 0.4.6, released xx-xx-2025
-----------------------------------
- Added RFC9688 for SHA3 One-way Hash Functions in the CMS

Revision 0.4.5, released 02-09-2024
-----------------------------------
- Require pyasn1 0.5.0 to force people to the maintained version
- Dropped support for EOL Python 2.7, 3.6, and 3.7
- Added RFC9598 for Internationalized Email Addresses in X.509 Certificates
- Added RFC9582 for RPKI Route Origin Authorizations (ROAs)
- Added RFC9579 for Use of PBMAC1 in the PKCS #12 Syntax
- Improve RFC9480 by updating the algorithm identifier map and fix typo
- Improve RFC8708 by addressing errata eid7963, which only changes a comment
- Added RFC9608 for the noRevAvail Certificate Extension
- Improve RFC6401 by addressing errata eid3943, eid5931, and eid6571
- Added RFC9629 for CMS KEMRecipientInfo
- Added RFC9654 for Online Certificate Status Protocol (OCSP) Nonce Extension

Revision 0.4.4, released 03-22-2024
-----------------------------------
- Added support for Python 3.12, and dropped support for Python 3.5.
- Added RFC9548 for Generating Transport Key Containers Using the GOST Algorithms
- Added RFC8964 for Online Certificate Status Protocol (OCSP) with Nonce constraints
- Modified RFC9480 (CMP updates) to make InfoTypeAndValue['infoType'] optional

Revision 0.4.3, released 08-02-2024
-----------------------------------
- Update the copyright comment lines for 2024
- Include support for Python 3.11 in setup.py
- Update RFC9215 to use OID names from RFC 9215 for GOST R 34.10-2012
- Added RFC9385 providing GOST R 34.10-2012 Algorithm for IKEv2
- Added RFC9345 providing Delegated Credentials for TLS and DTLS
- Added RFC3546 providing PkiPath as used in TLS Extensions
- Added RFC4366 providing PkiPath as used in TLS Extensions
- Added RFC9399 providing Logotypes in X.509 Certificates
- Dropped RFC5794 because the support for RELATIVE-OID is too fragile
- Added RFC9480 providing Certificate Management Protocol (CMP) updates
- Added RFC9481 providing Certificate Management Protocol (CMP) algorithms
- Update RFC5280 to add size constraint to policyQualifiers field of PolicyInformation
- Added RFC9509 providing Extended Key Usage (EKU) for 5G Network Functions
- Update RFC3739 to apply https://www.rfc-editor.org/errata/eid7802

Revision 0.4.2, released 09-01-2023
-----------------------------------
- Added RFC2898 providing PKCS #5, Version 2.0
- Added RFC9215 providing GOST R 34.10-2012 and GOST R 34.11-2012 Algorithms
- Added RFC5698 providing Data Structure for the Security Suitability of
  Cryptographic Algorithms (DSSC)
- Added RFC9286 providing RPKI Manifests, which obsoletes RFC6484
- Improve tests for RFC2985, RFC370, RFC3657, RFC4010, RFC4055, RFC6494,
  RFC7914, and RFC8692
- Added RFC9289 providing Extended Key Usage values for RPC over TLS
- Modified RFC9286 to apply https://www.rfc-editor.org/errata/eid7118
- Added RFC9323 providing RPKI Signed Checklist (RSC)
- Added RFC9336 providing Extended Key Usage (EKU) for Document Signing
- Added RFC9337 providing GOST Algorithms with PKCS#5
- Correct typo in a comment in RFC8708
- Added RFC9310 providing 5G NF Types certificate extension

Revision 0.4.1, released 16-02-2022
-----------------------------------
- Update RFC4210 to import from RFC 5280, RFC 4211, and RFC6402 instead of
  earlier RFCs covering the same things
- Update RFC4211 to import from RFC 5280 and RFC5252 instead of earlier
  RFCs covering the same things, and to include an opentype map for
  AttributeTypeAndValue
- Add RFC9118 providing Enhanced JWT Claim Constraints certificate extension
- Add RFC2743 providing GSSAPI Tokens
- Add addon providing a place for features that are not supported by pyasn1;
  addon.RelativeOID is the first add-on feature
- Add RFC5794 providing the ARIA Encryption Algorithm
- Add RFC9174 providing naming and extended key usage for the Delay-Tolerant
  Networking TCP Convergence Layer Version 4
- Improve the test for RFC6486
- Improve the test for RFC9174
- Update the copyright lines for 2022
- Improve RFC3709 to enforce WITH COMPONENTS constraints
- Add RFC9189 providing GOST Cipher Suites for TLS 1.2
- Improve RFC5280 by adding defined policy qualifiers to map (CBonnell)

Revision 0.4.0, released 10-07-2021
-----------------------------------
- Added opentypemap to manage the open type maps for all modules
- Add RFC9092 providing CMS Content Type for Geofeed Data

Revision 0.3.2, released 14-06-2021
-----------------------------------
- Modified RFC5280 to use CRLNumber() in the extensions opentype map.

Revision 0.3.1, released 13-06-2021
-----------------------------------
- Add RFC4056 providing RSASSA-PSS Signature Algorithm in CMS
- Add RFC4059 providing Warranty Certificate Extension
- Add RFC4262 providing S/MIME Capabilities Certificate Extension
- Add RFC4998 providing Evidence Record Syntax (ERS)
- Add RFC5055 providing Server-Based Certificate Validation Protocol (SCVP)
- Add RFC5276 providing SCVP updates to convey Long-Term Evidence Records
- Add RFC5544 providing the TimeStampedData Content Type
- Add RFC6066 providing PkiPath for the pkix-pkipath media type
- Add RFC6492 providing a protocol for provisioning RPKI certificates
- Add RFC6962 providing Certificate Transparency
- Add RFC7693 providing BLAKE2 Cryptographic Hash and MAC
- Add RFC7836 providing algorithms identifiers and parameters for
  GOST R 34.10-2012 and GOST R 34.11-2012
- Modified RFC4357 to support the new parameter set in RFC7836
- Add RFC8994 providing ACP Node Name in X.509 Certificates
- Add RFC8995 providing the masa-url certificate extension used by BRSKI
- Add RFC9044 providing algorithm identifiers for AES-GMAC
- Modified RFC4055 to include the PKCS#1 v1.5 algorithm identifiers
- Add RFC2040 providing identifiers for RC5
- Add RFC2528 providing identifiers for the Key Exchange Algorithm (KEA)
- Add RFC3217 providing identifiers for Triple-DES and RC2 Key Wrapping 
- Add RFC3874 providing identifiers for SHA-224
- Add RFC4231 providing identifiers for HMAC-SHA-224, HMAC-SHA-256,
  HMAC-SHA-384, and HMAC-SHA-512
- Add RFC6484 providing the RPKI Certificate Policy identifier
- Add RFC6493 providing the RPKI Ghostbusters Record
- Add RFC6494 providing the extended key usage identifiers for use with
  SEcure Neighbor Discovery (SEND) certificate profile
- Add RFC8737 providing the ACME TLS ALPN Challenge Certificate Extension
- Add RFC8951 providing Enrollment over Secure Transport (EST) clarifications
- Add a simple test for the RFC6170 module
- Add RFC8894 providing Simple Certificate Enrolment Protocol (SCEP)
- Modified RFC5990 to update the S/MIME Capabilities map
- Improve test routines for RFC6664

Revision 0.3.0, released 08-06-2021
-----------------------------------
- Added support for Python 3.8
- Added tox runner with a handful of basic jobs
- Add RFC3125 providing Electronic Signature Policies
- Add RFC5126 providing CMS Advanced Electronic Signatures (CAdES)
- Removed support for EOL Pythons 2.4, 2.5, 2.6, 3.2, 3.3 and 3.4
- Improve test routines for RFC5126
- Add RFC4387 providing Certificate Store Access via HTTP
- Changed assertion in unit tests from Python built-in to `unittest`
  provided
- Add RFC8692 providing Algorithm Identifiers for RSASSA-PSS and
  ECDSA Using SHAKEs
- Add RFC5753 providing CMS Elliptic Curve Cryptography Algorithms
- Add RFC3820 providing Proxy Certificates
- Add RFC3370 providing Cryptographic Message Syntax (CMS) Algorithms
- Add RFC3537 providing HMAC Key Wrapping
- Add RFC3739 providing Qualified Certificates
- Add RFC2876 providing KEA and SKIPJACK for CMS
- Add RFC3058 providing IDEA Encryption Algorithm for CMS 
- Add RFC3657 providing Camellia Encryption Algorithm for CMS 
- Add RFC4010 providing SEED Encryption Algorithm for CMS 
- Add RFC4357 providing Additional Cryptographic Algorithms for Use with
  GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94
- Add RFC4490 providing GOST 28147-89, GOST R 34.11-94, GOST R 34.10-94,
  and GOST R 34.10-2001 Algorithms for CMS 
- Add RFC4491 providing GOST R 34.10-94, GOST R 34.10-2001, and
  GOST R 34.11-94 Algorithms for certificates and CRLs
- Add RFC8696 providing using Pre-Shared Key (PSK) in the CMS
- Add RFC5639 providing identifiers for the Brainpool curves in
  Elliptic Curve Cryptography
- Add RFC5697 providing Other Certificates Extension
- Add RFC4683 providing Subject Identification Method (SIM)
- Add RFC4476 providing Attribute Certificate Policies Extension
- Add RFC5636 providing Traceable Anonymous Certificate
- Add RFC5752 providing Multiple Signatures attribute for CMS
- Add RFC5275 providing CMS Symmetric Key Management and Distribution
- Add RFC8702 providing SHAKE One-way Hash Functions in the CMS
- Add RFC8708 providing HSS/LMS Hash-based Signature Algorithm for CMS
- Add RFC8769 providing CBOR and CBOR Sequence content types for CMS
- Improve the test routine for RFC4055
- Fork from pyasn1-modules to create pyasn1-alt-modules
- Advance copyright statement to year 2021
- Update pointer to license file

Revision 0.2.8, released 16-11-2019
-----------------------------------
- Improve test routines for modules that use certificate extensions
- Improve test for RFC3709 with a real world certificate
- Added RFC7633 providing TLS Features Certificate Extension
- Added RFC7229 providing OIDs for Test Certificate Policies
- Added tests for RFC3280, RFC3281, RFC3852, and RFC4211
- Added RFC6960 providing Online Certificate Status Protocol (OCSP)
- Added RFC6955 providing Diffie-Hellman Proof-of-Possession Algorithms
- Updated the handling of maps for use with openType for RFC 3279
- Added RFC6486 providing RPKI Manifests
- Added RFC6487 providing Profile for X.509 PKIX Resource Certificates
- Added RFC6170 providing Certificate Image in the Internet X.509 Public
  Key Infrastructure, and import the object identifier into RFC3709.
- Added RFC6187 providing Certificates for Secure Shell Authentication
- Added RFC6482 providing RPKI Route Origin Authorizations (ROAs)
- Added RFC6664 providing S/MIME Capabilities for Public Keys
- Added RFC6120 providing Extensible Messaging and Presence Protocol
  names in certificates
- Added RFC4985 providing Subject Alternative Name for expression of
  service names in certificates
- Added RFC5924 providing Extended Key Usage for Session Initiation
  Protocol (SIP) in X.509 certificates
- Added RFC5916 providing Device Owner Attribute
- Added RFC7508 providing Securing Header Fields with S/MIME
- Update RFC8226 to use ComponentPresentConstraint() instead of the
  previous work around
- Add RFC2631 providing OtherInfo for Diffie-Hellman Key Agreement
- Add RFC3114 providing test values for the S/MIME Security Label
- Add RFC5755 providing Attribute Certificate Profile for Authorization
- Add RFC5913 providing Clearance Attribute and Authority Clearance
  Constraints Certificate Extension
- Add RFC5917 providing Clearance Sponsor Attribute
- Add RFC4043 providing Internet X.509 PKI Permanent Identifier
- Add RFC7585 providing Network Access Identifier (NAI) Realm Name
  for Certificates
- Update RFC3770 to support openType for attributes and reported errata
- Add RFC4334 providing Certificate Extensions and Attributes for
  Authentication in PPP and Wireless LAN Networks

Revision 0.2.7, released 09-10-2019
-----------------------------------
- Added maps for use with openType to RFC 3565
- Added RFC2985 providing PKCS#9 Attributes
- Added RFC3770 providing Certificate Extensions and Attributes for
  Authentication in PPP and Wireless LAN Networks
- Added RFC5914 providing Trust Anchor Format
- Added RFC6010 providing CMS Content Constraints (CCC) Extension
- Added RFC6031 providing CMS Symmetric Key Package Content Type
- Added RFC6032 providing CMS Encrypted Key Package Content Type
- Added RFC7030 providing Enrollment over Secure Transport (EST)
- Added RFC7292 providing PKCS #12, which is the Personal Information
  Exchange Syntax v1.1
- Added RFC8018 providing PKCS #5, which is the Password-Based
  Cryptography Specification, Version 2.1
- Automatically update the maps for use with openType for RFC3709,
  RFC6402, RFC7191, and RFC8226 when the module is imported
- Added RFC6211 providing CMS Algorithm Identifier Protection Attribute
- Added RFC8449 providing Certificate Extension for Hash Of Root Key
- Updated RFC2459 and RFC5280 for TODO in the certificate extension map
- Added RFC7906 providing NSA's CMS Key Management Attributes
- Added RFC7894 providing EST Alternative Challenge Password Attributes
- Updated the handling of maps for use with openType so that just doing
  an import of the modules is enough in most situations; updates to
  RFC 2634, RFC 3274, RFC 3779, RFC 4073, RFC 4108, RFC 5035, RFC 5083,
  RFC 5084, RFC 5480, RFC 5940, RFC 5958, RFC 6019, and RFC 8520
- Updated the handling of attribute maps for use with openType in
  RFC 5958 to use the rfc5652.cmsAttributesMap
- Added RFC5990 providing RSA-KEM Key Transport Algorithm in the CMS
- Fixed malformed `rfc4210.RevRepContent` data structure layout
- Added RFC5934 providing Trust Anchor Management Protocol (TAMP)
- Added RFC6210 providing Experiment for Hash Functions with Parameters
- Added RFC5751 providing S/MIME Version 3.2 Message Specification
- Added RFC8494 providing Multicast Email (MULE) over ACP 142
- Added RFC8398 providing Internationalized Email Addresses in
  X.509 Certificates
- Added RFC8419 providing Edwards-Curve Digital Signature Algorithm
  (EdDSA) Signatures in the CMS
- Added RFC8479 providing Storing Validation Parameters in PKCS#8
- Added RFC8360 providing Resource Public Key Infrastructure (RPKI)
  Validation Reconsidered
- Added RFC8358 providing Digital Signatures on Internet-Draft Documents
- Added RFC8209 providing BGPsec Router PKI Profile
- Added RFC8017 providing PKCS #1 Version 2.2
- Added RFC7914 providing scrypt Password-Based Key Derivation Function
- Added RFC7773 providing Authentication Context Certificate Extension

Revision 0.2.6, released 31-07-2019
-----------------------------------
- Added RFC3560 providing RSAES-OAEP Key Transport Algorithm
  in CMS
- Added RFC6019 providing BinaryTime - an alternate format
  for representing Date and Time
- RFC3565 superseded by RFC5649
- Added RFC5480 providng Elliptic Curve Cryptography Subject
  Public Key Information
- Added RFC8520 providing X.509 Extensions for MUD URL and
  MUD Signer
- Added RFC3161 providing Time-Stamp Protocol support
- Added RFC3709 providing Logotypes in X.509 Certificates
- Added RFC3274 providing CMS Compressed Data Content Type
- Added RFC4073 providing Multiple Contents protection with CMS
- Added RFC2634 providing Enhanced Security Services for S/MIME
- Added RFC5915 providing Elliptic Curve Private Key
- Added RFC5940 providing CMS Revocation Information Choices
- Added RFC7296 providing IKEv2 Certificate Bundle
- Added RFC8619 providing HKDF Algorithm Identifiers
- Added RFC7191 providing CMS Key Package Receipt and Error Content
  Types
- Added openType support for ORAddress Extension Attributes and
  Algorithm Identifiers in the RFC5280 module
- Added RFC5035 providing Update to Enhanced Security Services for
  S/MIME
- Added openType support for CMS Content Types and CMS Attributes
  in the RFC5652 module
- Added openType support to RFC 2986 by importing definitions from
  the RFC 5280 module so that the same maps are used.
- Added maps for use with openType to RFC 2634, RFC 3274, RFC 3709,
  RFC 3779, RFC 4055, RFC 4073, RFC 4108, RFC 5035, RFC 5083, RFC 5480,
  RFC 5940, RFC 5958, RFC 6010, RFC 6019, RFC 6402, RFC 7191, RFC 8226,
  and RFC 8520
- Changed `ValueSizeConstraint` erroneously applied to `SequenceOf`
  and `SetOf` objects via `subtypeConstraint` attribute to be applied
  via `sizeSpec` attribute. Although `sizeSpec` takes the same constraint
  objects as `subtypeConstraint`, the former is only verified on
  de/serialization i.e. when the [constructed] object at hand is fully
  populated, while the latter is applied to [scalar] types at the moment
  of instantiation.

Revision 0.2.5, released 24-04-2019
-----------------------------------
- Added module RFC5958 providing Asymmetric Key Packages,
  which is essentially version 2 of the PrivateKeyInfo
  structure in PKCS#8 in RFC 5208
- Added module RFC8410 providing algorithm Identifiers for
  Ed25519, Ed448, X25519, and X448
- Added module RFC8418 providing Elliptic Curve Diffie-Hellman
  (ECDH) Key Agreement Algorithm with X25519 and X448
- Added module RFC3565 providing Elliptic Curve Diffie-Hellman
  Key Agreement Algorithm use with X25519 and X448 in the
  Cryptographic Message Syntax (CMS)
- Added module RFC4108 providing CMS Firmware Wrapper
- Added module RFC3779 providing X.509 Extensions for IP
  Addresses and AS Identifiers
- Added module RFC4055 providing additional Algorithms and
  Identifiers for RSA Cryptography for use in Certificates
  and CRLs

Revision 0.2.4, released 26-01-2018
-----------------------------------
- Added modules for RFC8226 implementing JWT Claim Constraints
  and TN Authorization List for X.509 certificate extensions
- Fixed bug in `rfc5280.AlgorithmIdentifier` ANY type definition

Revision 0.2.3, released 30-12-2018
-----------------------------------
- Added modules for RFC5083 and RFC5084 (CMS)
- Copyright notice extended to the year 2019

Revision 0.2.2, released 28-06-2018
-----------------------------------
- Copyright notice extended to the year 2018
- Migrated references from SourceForge
- rfc2986 module added

Revision 0.2.1, released 23-11-2017
-----------------------------------
- Allow ANY DEFINED BY objects expanding automatically if requested
- Imports PEP8'ed

Revision 0.1.5, released 10-10-2017
-----------------------------------
- OCSP response blob fixed in test
- Fixed wrong OCSP ResponderID components tagging

Revision 0.1.4, released 07-09-2017
-----------------------------------
- Typo fixed in the dependency spec

Revision 0.1.3, released 07-09-2017
-----------------------------------
- Apparently, pip>=1.5.6 is still widely used and it is not PEP440
  compliant. Had to replace the `~=` version dependency spec with a
  sequence of simple comparisons to remain compatible with the aging pip.

Revision 0.1.2, released 07-09-2017
-----------------------------------
- Pinned to pyasn1 ~0.3.4

Revision 0.1.1, released 27-08-2017
-----------------------------------
- Tests refactored into proper unit tests
- pem.readBase64fromText() convenience function added
- Pinned to pyasn1 0.3.3

Revision 0.0.11, released 04-08-2017
------------------------------------
- Fixed typo in ASN.1 definitions at rfc2315.py

Revision 0.0.10, released 27-07-2017
------------------------------------
* Fixed SequenceOf initializer to pass now-mandatory componentType
  keyword argument (since pyasn1 0.3.1)
* Temporarily fixed recursive ASN.1 type definition to work with
  pyasn1 0.3.1+. This is going to be fixed properly shortly.

Revision 0.0.9, released 01-06-2017
-----------------------------------
* More CRL data structures added (RFC3279)
* Added X.509 certificate extensions map
* Added X.509 attribute type map
* Fix to __doc__ use in setup.py to make -O0 installation mode working
* Copyright added to source files
* More PEP-8'ing done on the code
* Author's e-mail changed

Revision 0.0.8, released 28-09-2015
-----------------------------------
- Wheel distribution format now supported
- Fix to misspelled rfc2459.id_at_sutname variable
- Fix to misspelled rfc2459.NameConstraints component tag ID
- Fix to misspelled rfc2459.GeneralSubtree component default status

Revision 0.0.7, released 01-08-2015
-----------------------------------
- Extensions added to text files, CVS attic flushed.
- Fix to rfc2459.BasicConstraints syntax.

Revision 0.0.6, released 21-06-2015
-----------------------------------
- Typo fix to id_kp_serverAuth object value
- A test case for indefinite length encoding eliminated as it's
  forbidden in DER.

Revision 0.0.5
--------------
- License updated to vanilla BSD 2-Clause to ease package use
  (http://opensource.org/licenses/BSD-2-Clause).
- Missing components added to rfc4210.PKIBody.
- Fix to rfc2459.CRLDistPointsSyntax typo.
- Fix to rfc2511.CertReqMsg typo.

Revision 0.0.4
--------------
- CMP structures (RFC4210), cmpdump.py tool and test case added.
- SNMPv2c Message syntax (RFC1901) properly defined.
- Package version established in form of __init__.__version__
  which is in-sync with distutils.
- Package meta information and classifiers updated.

Revision 0.0.3
--------------
- Text cases implemented
- X.509 CRMF structures (RFC2511) and crmfdump.py tool added
- X.509 CRL structures and crldump.py tool added
- PKCS#10 structures and pkcs10dump.py tool added
- PKCS#8 structures and pkcs8dump.py tool added
- PKCS#1 (rfc3447) structures added
- OCSP request & response dumping tool added
- SNMPv2c & SNMPv3/USM structures added
- keydump.py moved into pkcs1dump.py
- PEM files read function generalized to be used more universally.
- complete PKIX1 '88 code implemented at rfc2459.py

Revision 0.0.2
--------------
- Require pyasn1 >= 0.1.1
- Fixes towards Py3K compatibility
  + use either of existing urllib module
  + adopt to the new bytes type
  + print operator is now a function
  + new exception syntax

Revision 0.0.1a
---------------
- Initial revision, most code carried from pyasn1 examples.