Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix!: only verify self-signatures over user ids and attributes #448

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

hko-s
Copy link
Contributor

@hko-s hko-s commented Dec 20, 2024

This should fix deltachat/deltachat-core-rust#6350 (which I now believe is caused by the existence of third-party User ID certifications)

@dignifiedquire
Copy link
Member

can you add an explicit test please?

@hko-s
Copy link
Contributor Author

hko-s commented Dec 20, 2024

can you add an explicit test please?

good point. done.

@dignifiedquire dignifiedquire changed the title fix: only verify self-signatures over user ids and attributes fix!: only verify self-signatures over user ids and attributes Dec 23, 2024
@dignifiedquire
Copy link
Member

So while I understand the priniciple fix, I am not 100% convinced this should be merged as is. My current concern is , this means ending up with a bunch of signatures that are invalid/not verified on these calls, without any information about it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Failed to import secret key
2 participants