Closed andrewgdotcom closed 1 year ago
Thanks for the PR! If you don't mind I'll hold off on this until there's some consensus on the WG list, since it seemed we don't really have one yet, and e.g. Paul Schaub wrote that he would look into adding it to BouncyCastle (or PGPainless, presumably) instead. I'll follow up on the mailing list as well.
@twiss Hi! Is there an update on the status of this PR?
Hey :wave: At IETF 114, there was a poll about this issue, as documented here:
"should we state that implementations MUST reject signatures (v4 or v5) with incorrect signature checksums?" This was supported by 9 and opposed by 1.
So, it seems the consensus is in favor of keeping this check. Of course, it can be discussed further on the mailing list, but if consensus stays that way, I think it's unlikely we'll merge this, tbh.
Got it, thank you so much for the answer and linking the discussion!
I'll close this and open a new one with a different approach; it will share no commits with this one, so better to start clean.
New PR is #165
closes #107