Skip to content

docs: document certificate parser strictness model#55

Merged
leopoldjoy merged 2 commits into
mainfrom
docs/cert-parser-strictness
Jul 7, 2026
Merged

docs: document certificate parser strictness model#55
leopoldjoy merged 2 commits into
mainfrom
docs/cert-parser-strictness

Conversation

@leopoldjoy

Copy link
Copy Markdown
Contributor

Summary

  • document the certificate parser hardening model and accepted-subset invariants
  • explain why non-canonical encodings should stay rejected even after the TBS cache-key fix
  • call out the parser-disagreement risk these hardening checks are meant to avoid

Security value

This gives reviewers and future maintainers a clear invariant to preserve so future parser changes do not accidentally re-open non-DER certificate acceptance surfaces.

Tests

  • git diff main...HEAD --check

Note

Latest main already fails test_DeployableContractsFitEIP170 locally with CertManager runtime bytes 24,708 > 24,576; this docs-only PR does not affect bytecode size.

leopoldjoy and others added 2 commits June 26, 2026 12:50
@leopoldjoy leopoldjoy merged commit fe7ef73 into main Jul 7, 2026
8 checks passed
@leopoldjoy leopoldjoy deleted the docs/cert-parser-strictness branch July 7, 2026 14:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants