Page MenuHome GnuPG
Create Task
Maniphest T5079

Add compliance flag to trustlist.txt
Open, HighPublic
Actions

Description

For de-vs mode it will be useful to distinguish between different Root CA. An additional flag along with a certchain compliance check can support this.

Revisions and Commits

rG GnuPG
rG6432d17385d0 agent: Fix detection of the trustflag de-vs.
rGd9fdc165e657 agent: Fix detection of the trustflag de-vs.
rG6ff13380a2e3 agent: Fix detection of the trustflag de-vs.
rG6d45fcdd3c3e agent: Add trustlist flag "de-vs".
rGa5360ae4c7bf agent: Add trustlist flag "de-vs".

Related Objects

Event Timeline

werner created this task.Sep 22 2020, 11:13 AM
Jab added a commit: rGb08418d22cc8: gpg: Fix ugly error message for an unknown symkey algorithm..Jan 27 2021, 11:55 AM
aheinecke removed a commit: rGb08418d22cc8: gpg: Fix ugly error message for an unknown symkey algorithm..Jan 27 2021, 12:21 PM
werner lowered the priority of this task from High to Normal.Sep 9 2021, 3:08 PM
werner raised the priority of this task from Normal to High.Jun 7 2022, 4:06 PM
werner added a project: Restricted Project.

A use case for this is to allow the use of S/MIME for de-vs mode and for standard mode while clearly indicating compliant certificates. As of now all certificates matching compliant algorithms are indicated as compliant. The new flag could be used to distinguish between them.

duddeck_rme added a subscriber: duddeck_rme.Jun 7 2022, 4:39 PM
werner edited projects, added gnupg (gpg23); removed gnupg (gpg22).Dec 12 2022, 11:58 AM
werner added a project: gnupg24.Dec 13 2022, 11:21 AM
werner claimed this task.Apr 3 2023, 1:51 PM
werner removed a project: gnupg (gpg23).
werner moved this task from Backlog to WiP on the gnupg24 board.
werner added a commit: rGa5360ae4c7bf: agent: Add trustlist flag "de-vs"..Apr 3 2023, 2:12 PM
werner closed this task as Resolved.Apr 3 2023, 2:16 PM
werner edited projects, added gnupg24 (gnupg-2.4.1); removed gnupg24.

The flag has been implemented in 2.4 but as long as this version has no approval it does not make sense to do anything more. Let's re-open this task if we have a real request for this.

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jul 24 2023, 2:12 PM
werner added a commit: rG6d45fcdd3c3e: agent: Add trustlist flag "de-vs"..Sep 7 2023, 5:14 PM
werner reopened this task as Open.Sep 10 2024, 4:12 PM

Given that we backported it to gnupg22 we should go ahead and implement that flag. For example: if the flag is set for any root CA we will show compliance only if that flag is set for the specific root CA. This way we can introduce this feature w/o too much backward incompatibility. We could also hide the feature behind a compatibility flag. There is no reason why we should not add the de-vs trustlist flag to our vsd configuraion files, right away.

werner added a commit: rG6ff13380a2e3: agent: Fix detection of the trustflag de-vs..Sep 17 2024, 1:39 PM
werner added a commit: rGd9fdc165e657: agent: Fix detection of the trustflag de-vs..
werner added a commit: rG6432d17385d0: agent: Fix detection of the trustflag de-vs..Sep 19 2024, 10:13 AM
ebo added a project: gnupg22.Oct 10 2024, 1:50 PM
werner mentioned this in T7030: Release GnuPG 2.4.6.Oct 21 2024, 3:29 PM