Handle GPG revocation signatures #263
Labels
ITE and Spec compliance
This relates to the 2019 efforts to match the spec and ITEs
Milestone
Comments
|
Since we are in the process of moving our gpg implementation to securesystemslib, we might want to address the issue over there (see secure-systems-lab/securesystemslib#163). |
3 tasks
3 tasks
SantiagoTorres
added
the
ITE and Spec compliance
|
Will be fixed with secure-systems-lab/securesystemslib#190 (also see #275) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description of issue or feature request:
#257 adds gpg self-signature verification support, for signatures types 0x10-0x13 (certifications) and 0x18 (subkey binding signature). The added infrastructure may be used to also consider other signature types such as,
See RFC4880 5.2.1. Signature Types and 12.1. Key Structures for details about the signatures types and where in the key bundle they occur.
Current behavior:
Revocation type gpg signatures are ignored.
Expected behavior:
Handle revocation type gpg signatures, e.g. ignore revoked keys or certificates and/or warn user about them.
The text was updated successfully, but these errors were encountered: