File: add-certificate-validation-68a1ffbd5369a8d1.yaml

python-cursive 0.2.3-4
  • area: main
  • in suites: forky, sid, trixie
  • size: 352 kB
  • sloc: python: 1,126; makefile: 20; sh: 9
---
prelude: >
    The cursive library supports the verification of digital signatures.
    However, there is currently no way to validate the certificate used to
    generate a given signature. Adding certificate validation improves the
    security of signature verification when the two are used together.
features:
  - Adds a variety of certificate utility functions that inspect certificate
    attributes and extensions for different settings.
  - Adds the CertificateVerificationContext class which uses a set of
    trusted certificates to conduct certificate validation, verifying that a
    given certificate is part of a certificate chain rooted with a trusted
    certificate.
  - Adds a verify_certificate method that loads all certificates needed for
    certificate validation from the key manager and uses them to create a
    CertificateVerificationContext object. The context is then used to
    determine if a certificate is valid.
upgrade:
  - The addition of certificate validation as a separate operation from the
    signature verification process preserves backwards compatibility.
    Signatures previously verifiable with cursive will still be verifiable.
    However, their signing certificates may not be valid. Each signing
    certificate should be checked for validity before it is used to conduct
    signature verification.
security:
  - Using certificate validation together with the signature verification
    process improves the security of signature verification. A signature
    should not be considered valid unless its corresponding certificate is
    also valid.
other:
  - The CertificateVerificationContext is built using a set of trusted
    certificates. However, to conduct certificate verification the context
    builds the full certificate chain, starting with the certificate to
    validate and ending with the self-signed root certificate. If this
    self-signed root certificate is not present in the context, or if one
    of the intermediate certificates is not present in the context, the
    certificate chain cannot be built and certificate validation will fail.
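
The chain-building behaviour described in the last note, as an added example that is not part of the original file and is not cursive's code. It is a name-only model: `Cert`, `ChainError`, `build_chain` and `is_valid` are hypothetical names, the certificates are constructed, and signature and attribute checks are left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate (names only)."""
    subject: str
    issuer: str

    @property
    def self_signed(self) -> bool:
        return self.subject == self.issuer


class ChainError(Exception):
    """Raised when no chain to a trusted self-signed root can be built."""


def build_chain(cert, trusted):
    """Return [cert, ..., root] using only certificates held in `trusted`."""
    by_subject = {c.subject: c for c in trusted}
    chain, current = [cert], cert
    while not current.self_signed:
        issuer = by_subject.get(current.issuer)
        if issuer is None:  # missing intermediate or missing root
            raise ChainError(f"{current.issuer!r} is not in the context")
        if issuer in chain:  # cross-issued certificates with no root
            raise ChainError("issuer loop, no self-signed root reached")
        chain.append(issuer)
        current = issuer
    # The chain must end at a self-signed certificate that is itself trusted.
    if by_subject.get(current.subject) != current:
        raise ChainError(f"root {current.subject!r} is not trusted")
    return chain


def is_valid(cert, trusted):
    """True only when a complete chain to a trusted root exists."""
    try:
        build_chain(cert, trusted)
        return True
    except ChainError:
        return False


# Constructed sample hierarchy: root -> intermediate -> signing certificate.
ROOT = Cert("Root CA", "Root CA")
INTER = Cert("Intermediate CA", "Root CA")
LEAF = Cert("image-signer", "Intermediate CA")
```

With both `ROOT` and `INTER` in the trusted set the chain for `LEAF` is built; dropping either one makes validation fail, which is the case the note above describes.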