Closed bwbroersma closed 1 year ago
Thank you for reporting this issue.
We looked into it and agree that this situation could be confusing. We have added an additional error, signed_format_issue: if the signed file is not formatted correctly, then the error will be shown with the message "Signed security.txt files must start with the begin pgp signed message as the document header" and it will not have the line errors or unknown field recommendations that it currently would show.
This addition is added in version 0.8.1
Link to commit of the fix: https://github.com/DigitalTrustCenter/sectxt/commit/0143a961d11b2dd1f26c22e0dc0d990c134d7a1c
We had a problem with some agency having a valid PGP signed message, but starting with white space, which is not valid according to https://www.rfc-editor.org/rfc/rfc9116#section-4:
However, it can still have a valid PGP signature.
That was the start of the confusion, since internet.nl then generates lots of errors (for every PGP line!), e.g.:
Which lines would correspond with:
The user did not initially understand that it just needed to remove the initial white space (\r\n), so that
It would be nice to detect this 'special' misconfiguration of security.txt, since I can see it happening more often, and then generate a complain problem on internet.nl.
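A sketch of the check discussed in this thread, as an added example (not code from sectxt or internet.nl): it contrasts a line-by-line check, which flags every PGP armor line, with an up-front test that reports the misplaced header once. The error code signed_format_issue and its message come from the maintainer's comment; the function names, the invalid_line code, the simplified field pattern and the sample file are assumptions constructed for illustration.

```python
import re

PGP_HEADER = "-----BEGIN PGP SIGNED MESSAGE-----"
PGP_SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
# Error code and message as quoted in the maintainer's comment above.
SIGNED_FORMAT_ISSUE = {
    "code": "signed_format_issue",
    "message": "Signed security.txt files must start with the begin pgp "
               "signed message as the document header",
}
# Simplified "Name: value" pattern (assumption, not the full RFC 9116 grammar).
FIELD_RE = re.compile(r"^[A-Za-z0-9-]+:\s*\S")

# Constructed sample; the signature body is a placeholder, not a real signature.
SIGNED = (
    "-----BEGIN PGP SIGNED MESSAGE-----\r\n"
    "Hash: SHA512\r\n"
    "\r\n"
    "Contact: mailto:security@example.com\r\n"
    "Expires: 2030-01-01T00:00:00Z\r\n"
    "-----BEGIN PGP SIGNATURE-----\r\n"
    "\r\n"
    "CONSTRUCTEDSIGNATUREDATA\r\n"
    "-----END PGP SIGNATURE-----\r\n"
)


def line_errors(body):
    """Flag every line that is not blank, a comment or 'Name: value'."""
    return [
        {"code": "invalid_line", "line": number}  # hypothetical error code
        for number, line in enumerate(body.splitlines(), start=1)
        if line.strip() and not line.startswith("#") and not FIELD_RE.match(line)
    ]


def check(content):
    """Validate a security.txt body, reporting a misplaced PGP header once."""
    if PGP_HEADER in content and not content.startswith(PGP_HEADER):
        # Signed, but something (e.g. a leading "\r\n") precedes the header:
        # one clear error instead of one error per armor line.
        return [SIGNED_FORMAT_ISSUE]
    text = content.replace("\r\n", "\n")
    if text.startswith(PGP_HEADER):
        # Drop the armor headers (up to the first empty line) and the signature.
        text = text[len(PGP_HEADER):].partition("\n\n")[2]
        text = text.partition(PGP_SIG_BEGIN)[0]
    return line_errors(text)
```

Calling line_errors on the sample with a leading "\r\n" shows the per-line noise described in the issue, while check returns only the single header error.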