summaryrefslogtreecommitdiff
path: root/DISTRO_PORTING
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-07 12:56:38 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-11 19:39:59 +0100
commit0f87f3e8e72bef1b951a1ee97c4e976e924f7912 (patch)
tree592ed7e1304d022f4ed97b85761d1e084630f4bc /DISTRO_PORTING
parent0f23174c5c21f90929b3ee39fee48b774949510d (diff)
resolved: look for revoked trust anchors before validating a message
There's not reason to wait for checking for revoked trust anchors until after validation, after all revoked DNSKEYs only need to be self-signed, but not have a full trust chain. This way, we can be sure that all trust anchor lookups we do during validation already honour that some keys might have been revoked.
Diffstat (limited to 'DISTRO_PORTING')
0 files changed, 0 insertions, 0 deletions