Closed mtgag closed 2 years ago
mtgag
commented
2 years ago Just made a commit that adresses the code enhancements issues. Also added the missing lint for KU for ECC keys. This is also related to lint_ecdsa_ee_invalid_ku.go. We may want to keep one lint.
The Error/Warn part is going to be addressed in a separate commit.
christopher-henderson
commented
2 years ago Thank you @mtgag! If you update the base branch then I can safely merge this (I could have sworn that GitHub gave me the button to do this as an admin? But maybe that's only for branches that originate from this repo...)
mtgag
commented
2 years ago Everything should be synchronised now.
christopher-henderson
commented
2 years ago Hrmmm and yet GH still doesn't believe that the base branch is up-to-date. Considering that the only deletion from the PR is changing a copyright year I am going to go ahead and merge this.
mtgag
commented
2 years ago You may also close https://github.com/zmap/zlint/pull/599, because 599 has been incorporated in this PR.
This pull request addresses issues regarding the proper key usage values for specific public key types. This work has been made in close cooperation with the D-Trust CA who also authored https://github.com/zmap/zlint/pull/599.
It has four lints. One is for EC keys that is based on RFC 8813 and the pull request https://github.com/zmap/zlint/pull/599. Incorporating 599 to this PR has been coordinated with the authors to adress the key usages issues as a whole.
Three lints regard RSA keys. One lint is for subscriber certificates, one for disallowed key usage values in CA certificates and the third for disallowed key usage values in CA certificates when certain values are present. These lints are based on RFC 3279.
These lints are motivated by a few incidents in the past regarding proper values of key usage. We would be grateful if you could incorporate this PR in the main project. We believe that this would be a benefit for the project and the CAs that use zlint to help them avoid issues in the future.