Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/openpgp: implement certification revocation signature #27602

Closed
aviau opened this issue Sep 10, 2018 · 6 comments
Closed

x/crypto/openpgp: implement certification revocation signature #27602

aviau opened this issue Sep 10, 2018 · 6 comments

Comments

@aviau
Copy link

aviau commented Sep 10, 2018

It would be great if the openpgp package implemented Certification revocation signature as defined in RFC4880.

Currently, depending on the packet ordering, the openpgp package can add revoked identities to the entity's identities slice, this can be misleading because there is no possibility to see that it has been revoked.

@gopherbot gopherbot added this to the Unreleased milestone Sep 10, 2018
@gopherbot
Copy link

Change https://golang.org/cl/118995 mentions this issue: openpgp: implement Cert Revocation Signature

@aviau
Copy link
Author

aviau commented Sep 26, 2018

@FiloSottile <3

@aviau
Copy link
Author

aviau commented Oct 2, 2018

ping @FiloSottile, you reviewed one of the dependencies but not the main changeset.

(also, I have added you as a reviewer to this smaller change: https://go-review.googlesource.com/c/crypto/+/138997)

Cheers,

@aviau
Copy link
Author

aviau commented Oct 22, 2018

Ping @FiloSottile. You mind me reminding you again?

The changeset is here: https://golang.org/cl/118995

@aviau
Copy link
Author

aviau commented Feb 26, 2019

I'll try again...

Ping @FiloSottile

@FiloSottile
Copy link
Contributor

Per the accepted #44226 proposal and due to lack of maintenance, the golang.org/x/crypto/openpgp package is now frozen and deprecated. No new changes will be accepted except for security fixes. The package will not be removed.

If this is a security issue, please email security@golang.org and we will assess it and provide a fix.

If you're looking for alternatives, consider the crypto/ed25519 package for simple signatures, golang.org/x/mod/sumdb/note for inline signatures, or filippo.io/age for encryption. You can read a summary of OpenPGP issues and alternatives here.

If you are required to interoperate with OpenPGP systems and need a maintained package, we suggest considering one of multiple community forks of golang.org/x/crypto/openpgp. We don't endorse any specific one.

@golang golang locked and limited conversation to collaborators Mar 29, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants