diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2024-04-11 15:55:33 +0200 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2024-04-11 15:55:33 +0200 |
| commit | afaf46f277fc16d31f54b8e4f2fe6a643eaaed0a (patch) | |
| tree | 87155494091f8b62a461ea46ba4f924833e1c510 | |
| parent | 8ae49689485700b4f55a1d93299d7cb246265ec8 (diff) | |
openpgp: Move the default v3 signature cutoff to 2021.
- Previously, we rejected v3 signatures after 2007 by default.
However, Panu Matilainen observed:
GnuPG appears to have only switched to v4 by default in version
1.4.8, released on 2007-12-20. Before that was in the hands of
users would've been many more months, and in case of users of
enterprise distro users, years. For example, RHEL 5 (initially
released in early 2007) had 1.4.5 still at it's end-of-life in
2017 (and extended life end at 2020) so users on that would've
still been merrily (and probably unknowingly) producing v3
signatures at 2017.
- RHEL 5 support ended 2020-11-30. Cryptographically, there is
nothing wrong with them. Reject v3 signatures only after
2021-02-01.
- Fixes #948.
| -rw-r--r-- | openpgp/src/policy.rs | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs index 9ea4fcb2..61467216 100644 --- a/openpgp/src/policy.rs +++ b/openpgp/src/policy.rs @@ -784,7 +784,7 @@ a_versioned_cutoff_list!(PacketTagCutoffList, Tag, 21, // Note: this list must be sorted and the tag and version must be unique! 2, [ - (Tag::Signature, 3, Some(Timestamp::Y2007M2)), + (Tag::Signature, 3, Some(Timestamp::Y2021M2)), (Tag::Signature, 5, REJECT), // "v5" Signatures. ]); |