Closed Bug 1603788 Opened 5 years ago Closed 4 years ago

Implement RNP trust storage for OpenPGP public keys

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1626683

People

(Reporter: KaiE, Unassigned)

References

(Blocks 1 open bug)

Details

We need to implement the ability to associate trust levels with public keys.

Bug 1595231 (c) describes a possible trust model. I'll reuse the (i), (ii), (iii) levels described there.

RNP doesn't offer support for trust management in its API. No problem, because the model we currently consider will be special, so we'll need to implement that ourselves.

At this time, RNP doesn't yet offer certifying a key, although they intend to add that. This means we cannot use certification to distinguish between (ii) and (iii).

For (i), we might potentially hold them in a separate scratch keyring that we could safely delete, for example, if we receive a poison/DoS key. Because of that, we'd probably use at least two separate keyring files.

However, a simple initial implementation could be to have three separate key rings for public keys on disk, one for each level.

The highest level store that contains a key would define the associated trust level.

Initial work was done in bug 1626683.

I haven't yet done the other ideas to have a scratch keyring, but still want to do that later.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE