diff options
author | Neal H. Walfield <neal@pep.foundation> | 2020-12-14 22:45:43 +0100 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2020-12-14 22:52:43 +0100 |
commit | c31ceb8dab94d2ea08879e36ad450547136ca2e1 (patch) | |
tree | 63c6402bdcfe4fcc41063793d220fe49c1218118 /openpgp/src/cert/amalgamation.rs | |
parent | 360da4f78448dc0b2c2724f5e13a12874604ce3e (diff) |
openpgp: Simplify hash policies.
- The standard policy currently has two policies related to hash
algorithms: when a hash algorithm should be rejected for normal
signatures, and when a hash algorithm should be rejected for
revocation sigantures.
- If we distinguish two security contexts, then we'll have four
policies (the cross product).
- If the currently state is not already unmanageable, then this
certainly is.
- Simplify this by using a single scalar to represent how long a
revocation certificate using a broken hash should continue to be
accepted.
- This is probably sufficiently expressive in practice as this is a
largely inexact science. And, if a more nuanced policy is
required, it is always possible to wrap `StandardPolicy`.
Diffstat (limited to 'openpgp/src/cert/amalgamation.rs')
0 files changed, 0 insertions, 0 deletions