New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/crypto/openpgp: implement certification revocation signature #27602
Comments
Change https://golang.org/cl/118995 mentions this issue: |
@FiloSottile <3 |
ping @FiloSottile, you reviewed one of the dependencies but not the main changeset. (also, I have added you as a reviewer to this smaller change: https://go-review.googlesource.com/c/crypto/+/138997) Cheers, |
Ping @FiloSottile. You mind me reminding you again? The changeset is here: https://golang.org/cl/118995 |
I'll try again... Ping @FiloSottile |
Per the accepted #44226 proposal and due to lack of maintenance, the golang.org/x/crypto/openpgp package is now frozen and deprecated. No new changes will be accepted except for security fixes. The package will not be removed. If this is a security issue, please email security@golang.org and we will assess it and provide a fix. If you're looking for alternatives, consider the crypto/ed25519 package for simple signatures, golang.org/x/mod/sumdb/note for inline signatures, or filippo.io/age for encryption. You can read a summary of OpenPGP issues and alternatives here. If you are required to interoperate with OpenPGP systems and need a maintained package, we suggest considering one of multiple community forks of golang.org/x/crypto/openpgp. We don't endorse any specific one. |
It would be great if the openpgp package implemented Certification revocation signature as defined in RFC4880.
Currently, depending on the packet ordering, the openpgp package can add revoked identities to the entity's identities slice, this can be misleading because there is no possibility to see that it has been revoked.
The text was updated successfully, but these errors were encountered: