New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

openpgp: use latest subkey binding signature #57

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
5 participants
@paulfurley
Copy link
Contributor

paulfurley commented Sep 14, 2018

Rather than using the first subkey binding signature encountered, use
the one with the most recent creation data, as per the recommendation from
RFC 4880:

An implementation that encounters multiple self-signatures on the
same object may resolve the ambiguity in any way it sees fit, but it
is RECOMMENDED that priority be given to the most recent self-
signature.

This allows subkeys to approach expiry then be re-signed with a new expiry.

This extends the recent commit 0e37d00 by @aviau and @FiloSottile.

Fixes golang/go#26468

openpgp: use latest subkey binding signature
Rather than using the *first* subkey binding signature encountered, use
the one with the most recent creation data, as per the recommendation from RFC
4880:

> An implementation that encounters multiple self-signatures on the
> same object may resolve the ambiguity in any way it sees fit, but it
> is RECOMMENDED that priority be given to the most recent self-
> signature.

This allows subkeys to approach expiry then be re-signed with a new
expiry.

@googlebot googlebot added the cla: yes label Sep 14, 2018

@gopherbot

This comment has been minimized.

Copy link

gopherbot commented Sep 14, 2018

This PR (HEAD: 0da8141) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/crypto/+/135357 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

@gopherbot

This comment has been minimized.

Copy link

gopherbot commented Sep 15, 2018

Message from Gerrit User 27580:

Patch Set 1:

That is nice, I was about to follow-up with a patch like this. I'd like to see a test!


Please don’t reply on this GitHub thread. Visit golang.org/cl/135357.
After addressing review feedback, remember to publish your drafts!

@aviau

This comment has been minimized.

Copy link
Contributor

aviau commented Sep 27, 2018

@paulfurley Are you willing to write a test? If not, do you mind if I take over and write one?

@gopherbot

This comment has been minimized.

Copy link

gopherbot commented Sep 27, 2018

Message from Gerrit User 11715:

Patch Set 2: Published edit on patch set 1.


Please don’t reply on this GitHub thread. Visit golang.org/cl/135357.
After addressing review feedback, remember to publish your drafts!

@gopherbot

This comment has been minimized.

Copy link

gopherbot commented Sep 27, 2018

Message from Gerrit User 11715:

Patch Set 3: Commit message was updated.


Please don’t reply on this GitHub thread. Visit golang.org/cl/135357.
After addressing review feedback, remember to publish your drafts!

@gopherbot

This comment has been minimized.

Copy link

gopherbot commented Sep 27, 2018

Message from Gerrit User 12446:

Uploaded patch set 5: Commit message was updated.


Please don’t reply on this GitHub thread. Visit golang.org/cl/135357.
After addressing review feedback, remember to publish your drafts!

@gopherbot

This comment has been minimized.

Copy link

gopherbot commented Sep 27, 2018

Message from Gerrit User 12446:

Uploaded patch set 6: Commit message was updated.


Please don’t reply on this GitHub thread. Visit golang.org/cl/135357.
After addressing review feedback, remember to publish your drafts!

@paulfurley

This comment has been minimized.

Copy link
Contributor Author

paulfurley commented Sep 27, 2018

Hey @aviau! Sorry! It's on our (long) list of TODOs and we haven't managed to get to it yet. I'd be delighted if you took over. Next PR will have tests! Deal? :)

cc @idrysdale

@aviau

This comment has been minimized.

Copy link
Contributor

aviau commented Sep 27, 2018

I have written a test in a follow-up patch here:
https://go-review.googlesource.com/c/crypto/+/138215

cc @FiloSottile

@chonthu

This comment has been minimized.

Copy link

chonthu commented Oct 1, 2018

+1 to get this merged

cc @FiloSottile

@gopherbot

This comment has been minimized.

Copy link

gopherbot commented Oct 1, 2018

Message from Gerrit User 11715:

Patch Set 6: Code-Review+2


Please don’t reply on this GitHub thread. Visit golang.org/cl/135357.
After addressing review feedback, remember to publish your drafts!

gopherbot pushed a commit that referenced this pull request Oct 1, 2018

openpgp: use latest subkey binding signature
Rather than using the first subkey binding signature encountered, use
the one with the most recent creation data, as per the recommendation from
RFC 4880:

> An implementation that encounters multiple self-signatures on the
> same object may resolve the ambiguity in any way it sees fit, but it
> is RECOMMENDED that priority be given to the most recent self-
> signature.

This allows subkeys to approach expiry then be re-signed with a new expiry.

This extends the recent commit 0e37d00 by @aviau and @FiloSottile.

Fixes golang/go#26468

Change-Id: I7f12706727373259c188bfee4254306ef9d4e935
GitHub-Last-Rev: 0da8141
GitHub-Pull-Request: #57
Reviewed-on: https://go-review.googlesource.com/135357
Reviewed-by: Filippo Valsorda <filippo@golang.org>
@gopherbot

This comment has been minimized.

Copy link

gopherbot commented Oct 1, 2018

This PR is being closed because golang.org/cl/135357 has been merged.

@gopherbot gopherbot closed this Oct 1, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment