zmap / zlint

X.509 Certificate Linter focused on Web PKI standards and requirements.
https://zmap.io
Apache License 2.0

Skip checking for a Tor Descriptor Hash if the provided cert contains a V3 Onion address. #669

Closed christopher-henderson closed 2 years ago

christopher-henderson commented 2 years ago

As a part of the discussion in #667 it was agreed upon that EV certificates do not require a Tor Descriptor Hash IF the certificate is encoding a V3 Onion address(es).

I think perhaps one of the more interesting decisions I made here was that if a certificate contains even a single non-v3 address then the entire certificate is considered non-v3. This seems reasonable to me, although I am uncertain if there is such a thing as a V2/V3 heterogeneous certificate out in the wild.

Mentioning @mimi89999 since I can't bring you on as reviewer explicitly.

This PR resolves #667
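The all-or-nothing rule described in this PR (skip the Tor Descriptor Hash requirement only when every `.onion` SAN is a v3 address), written out as an added Go example. This is not zlint's own code: the function names, the `OnionVersion` type, and the sample address built by `sampleV3` are assumptions made for illustration. A v2 address is 16 base32 characters, a v3 address is 56 base32 characters that decode to 32 key bytes, a 2-byte checksum and the version byte 0x03; the example checks length, alphabet and version byte, and deliberately does not verify the SHA3-based checksum.

```go
package main

import (
	"encoding/base32"
	"fmt"
	"strings"
)

// OnionVersion classifies one SAN dNSName.
type OnionVersion int

const (
	NotOnion OnionVersion = iota
	OnionV2
	OnionV3
	OnionMalformed
)

// Onion addresses use the standard base32 alphabet, lowercase, no padding.
var onionBase32 = base32.StdEncoding.WithPadding(base32.NoPadding)

// classifyOnion inspects the label directly left of ".onion", so that names
// like www.<addr>.onion are classified by the service address itself.
func classifyOnion(name string) OnionVersion {
	name = strings.ToLower(strings.TrimSuffix(name, "."))
	if !strings.HasSuffix(name, ".onion") {
		return NotOnion
	}
	labels := strings.Split(strings.TrimSuffix(name, ".onion"), ".")
	addr := strings.ToUpper(labels[len(labels)-1])
	switch len(addr) {
	case 16:
		// v2: 16 base32 chars (80 bits of a hashed RSA key).
		if _, err := onionBase32.DecodeString(addr); err != nil {
			return OnionMalformed
		}
		return OnionV2
	case 56:
		// v3: 56 base32 chars -> 35 bytes; last byte is the version (0x03).
		raw, err := onionBase32.DecodeString(addr)
		if err != nil || len(raw) != 35 || raw[34] != 0x03 {
			return OnionMalformed
		}
		return OnionV3
	default:
		return OnionMalformed
	}
}

// onionSummary reports whether the SAN list carries any onion name and, if so,
// whether every onion name is v3. One v2 or malformed onion name makes the
// whole certificate non-v3, mirroring the rule described in the PR.
func onionSummary(sans []string) (hasOnion bool, allV3 bool) {
	allV3 = true
	for _, n := range sans {
		switch classifyOnion(n) {
		case NotOnion:
			continue
		case OnionV3:
			hasOnion = true
		default:
			hasOnion = true
			allV3 = false
		}
	}
	return hasOnion, hasOnion && allV3
}

// descriptorHashRequired is the lint decision: the Tor Descriptor Hash is
// required for onion certificates unless all of their onion names are v3.
// Certificates with no onion names are out of scope and return false.
func descriptorHashRequired(sans []string) bool {
	hasOnion, allV3 := onionSummary(sans)
	return hasOnion && !allV3
}

// sampleV3 builds a constructed, syntactically valid v3 address: a dummy key,
// a placeholder checksum (not computed) and the version byte. It is not a real
// onion service.
func sampleV3() string {
	raw := make([]byte, 35)
	for i := 0; i < 32; i++ {
		raw[i] = byte(i)
	}
	raw[32], raw[33] = 0xab, 0xcd // placeholder checksum
	raw[34] = 0x03                // v3 version byte
	return strings.ToLower(onionBase32.EncodeToString(raw)) + ".onion"
}

func main() {
	v3 := sampleV3()
	v2 := "expyuzz4wqqyqhjn.onion" // 16-char v2 form, constructed for the demo
	for _, sans := range [][]string{{v3}, {v2}, {v3, v2}, {"example.com"}} {
		fmt.Printf("%v -> descriptor hash required: %v\n", sans, descriptorHashRequired(sans))
	}
}
```

A production version would also verify the v3 checksum (SHA3-256 over ".onion checksum" || pubkey || version, first two bytes) before accepting a name as v3; a name that passes the length and version checks but fails the checksum should be reported as malformed rather than silently exempting the certificate.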

cardonator commented 2 years ago

These changes seem positive to me. I know an onion cleanup ballot is being discussed in the forum right now. Will that affect how these lints should work going forward? I think we are planning to deprecate V2 Onion EV certs at least.

christopher-henderson commented 2 years ago

@cardonator I'm not familiar with the work being drafted up for onion, but I can say that even though certain language and technologies get deprecated, ZLint tends towards keeping those lints around as-is (for both historical interest as well as the likelihood that there is someone out there using these lint results to litigate their own point in private discussions regarding some in-house implementations/deployments). This is precisely why we have the Ineffective date declaration, so that certificates can exist within a bubble of time without either being completely ignored or poisoning future ecosystems.

cardonator commented 2 years ago

Ah, right, good call. I forgot about the ineffective date. That sounds good.