A mechanism to specify policy.
A major goal of the Sequoia OpenPGP crate is to be policy free. However, many mid-level operations build on low-level primitives. For instance, finding a certificate's primary User ID means examining each of its User IDs and their current self-signature. Some algorithms are considered broken (e.g., MD5) and some are considered weak (e.g. SHA-1). When dealing with data from an untrusted source, for instance, callers will often prefer to ignore signatures that rely on these algorithms even though RFC 4880 says that "[i]mplementations MUST implement SHA-1." When trying to decrypt old archives, however, users probably don't want to ignore keys using MD5, even though RFC 4880 deprecates MD5.
Rather than not provide this mid-level functionality, the
trait allows callers to specify their prefer policy. This can be
highly customized by providing a custom implementation of the
Policy trait, or it can be slightly refined by tweaking the
When implementing the
Policy trait, it is essential that the
functions are [idempotent]. That is, if the same
Policy is used
to determine whether a given
Signature is valid, it must always
return the same value.
The standard policy.
A policy for cryptographic operations.