database: serve first-party attested third-party certifications (!176) · Merge requests · keys.openpgp.org / hagrid

Justus Winter requested to merge justus/1pa3pc into master Jun 08, 2021

This implements support for third-party userid certifications. To prevent denial-of-service attacks, we only merge those certifications that are attested by the key holder.

The key holder attests the certifications using an Attested Key Signature containing the digests of the certifications in an Attested Certifications subpacket as specified in RFC4880bis-10.

Fixes #124 (closed).

database: serve first-party attested third-party certifications

Merge request reports