diff options
author | Neal H. Walfield <neal@pep.foundation> | 2021-01-20 09:07:25 +0100 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2021-01-20 13:36:49 +0100 |
commit | 05914322c9239109b6ca41a970f6d005db72eefe (patch) | |
tree | 31136453d9d90906e9f59888470e754cf5db3356 /openpgp/src/policy.rs | |
parent | 3eaca9d75d776226fa022528b59411b8e34b30d5 (diff) |
openpgp: Change StandardPolicy to accept trust signatures.
- Currently, the openpgp crate doesn't process third-party
certifications.
- As such, there are no contexts in the openpgp crate where ignoring
a trust signature subpacket or regular expression subpacket would
lead to an incorrect result.
- Similarly, if an application doesn't process third-party
certifications, it also won't incorrectly handle the trust
signature and regular expression subpackets.
- If an application does process third-party certifications, and
doesn't handle trust signatures or regular expressions, then it
should explicitly opt-out.
- As such, change the StandardPolicy to accept the Trust Signature
subpacket and the Regular Expression subpacket.
Diffstat (limited to 'openpgp/src/policy.rs')
-rw-r--r-- | openpgp/src/policy.rs | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs index de537ee1..d6f92d50 100644 --- a/openpgp/src/policy.rs +++ b/openpgp/src/policy.rs @@ -642,8 +642,8 @@ a_cutoff_list!(SubpacketTagCutoffList, SubpacketTag, 36, ACCEPT, // 2. SignatureCreationTime. ACCEPT, // 3. SignatureExpirationTime. ACCEPT, // 4. ExportableCertification. - REJECT, // 5. TrustSignature. - REJECT, // 6. RegularExpression. + ACCEPT, // 5. TrustSignature. + ACCEPT, // 6. RegularExpression. // Note: Even though we don't explicitly honor the // Revocable flag, we don't support signature // revocations, hence it is safe to ACCEPT it. |