diff options
author | Neal H. Walfield <neal@pep.foundation> | 2019-11-11 19:51:04 +0100 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2019-11-19 11:04:05 +0100 |
commit | ec03e1614a48fbe30f1200cb18bb00c7135f5242 (patch) | |
tree | 363aa6030de4fcb00d727830acbc308703a20468 /tool | |
parent | a5fade1d635d75e474294a06870251d8f617db08 (diff) |
openpgp: Be tolerant when deciding wheter a signature is alive.
- Consider the following scenario: computer A's clock says 9:00.00
and signs and sends a message to computer B. Computer B's clock
says 8:59.59, it receives the message and tries to verify it.
From Computer B's perspective, the signature is not valid, because
it was generated in the future.
- This situation occured, because the two clocks were not completely
synchronized. Unfortunately, a few seconds of clock skew are not
unusual, particularly when dealing with VMs.
- Since it is almost always better to consider such messages as
valid, be tolerant when deciding whether a signature is alive.
Diffstat (limited to 'tool')
-rw-r--r-- | tool/src/commands/inspect.rs | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tool/src/commands/inspect.rs b/tool/src/commands/inspect.rs index ee915c54..23ebe8a5 100644 --- a/tool/src/commands/inspect.rs +++ b/tool/src/commands/inspect.rs @@ -151,7 +151,7 @@ fn inspect_tpk(output: &mut dyn io::Write, tpk: &openpgp::TPK, if let Some(sig) = uidb.binding_signature(None) { if sig.signature_expired(None) { writeln!(output, " Expired")?; - } else if ! sig.signature_alive(None) { + } else if ! sig.signature_alive(None, time::Duration::seconds(0)) { writeln!(output, " Not yet valid")?; } } |