FIX: verifylib: fix subkey keyid resolution #201
Conversation
The load_links_for_layout method in verifylib didn't account for subkey_keyid's when resolving signatures. Add code to iterate over the subkeys when verifying signatures made with gpg keys.
1 similar comment
| except IOError: | ||
| pass | ||
| except IOError: | ||
| pass | ||
|
|
||
| # Check if the step has been performed by enough number of functionaries | ||
| if len(links_per_step) < step.threshold: |
There was a problem hiding this comment.
Is the master key, along with its subkeys, considered one unique functionary? Correct me if I'm wrong, but it seems like the code is counting each subkey towards the threshold requirement.
I was expecting (MasterKey, SubKey1, SubKey2) to be treated as one trusted key. If you want three different people to sign for a step, isn't it wrong to accept three different subkeys from just one person?
There was a problem hiding this comment.
Good thinking, @vladimir-v-diaz! This is something that we have to consider, but not in above function, which only performs a preliminary threshold verification, i.e. do we even have enough link files, but rather in the actual signature threshold verification function veriflylib. verify_link_signature_thresholds.
Currently, a functionary could indeed bypass the required threshold by providing threshold link files signed with different subkeys of an authorized master key.
There was a problem hiding this comment.
Hmm, I guess a check is in order in the right place. I'll give this a go this week...
There was a problem hiding this comment.
I've moved this discussion to ticket #202. I'll be merging this as-is in order to prepare a new minor release.
The load_links_for_layout method in verifylib didn't account for subkey_keyid's
when resolving signatures. Add code to iterate over the subkeys when verifying
signatures made with gpg keys.