diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-01-07 12:56:38 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-11 19:39:59 +0100 |
commit | 0f87f3e8e72bef1b951a1ee97c4e976e924f7912 (patch) | |
tree | 592ed7e1304d022f4ed97b85761d1e084630f4bc /DISTRO_PORTING | |
parent | 0f23174c5c21f90929b3ee39fee48b774949510d (diff) |
resolved: look for revoked trust anchors before validating a message
There's not reason to wait for checking for revoked trust anchors until
after validation, after all revoked DNSKEYs only need to be self-signed,
but not have a full trust chain.
This way, we can be sure that all trust anchor lookups we do during
validation already honour that some keys might have been revoked.
Diffstat (limited to 'DISTRO_PORTING')
0 files changed, 0 insertions, 0 deletions