[][src]Struct sequoia_openpgp::policy::StandardPolicy

pub struct StandardPolicy { /* fields omitted */ }

The standard policy.

The standard policy stores when each algorithm in a family of algorithms is no longer considered safe. Attempts to use an algorithm after its cutoff time should fail.

When validating a signature, we normally want to know whether the algorithms used are safe now. That is, we don't use the signature's alleged creation time when considering whether an algorithm is safe, because if an algorithm is discovered to be compromised at time X, then an attacker could forge a message after time X with a signature creation time that is prior to X, which would be incorrectly accepted.

Occasionally, we know that a signature has not been tampered with since some time in the past. We might know this if the signature was stored on some tamper-proof medium. In those cases, it is reasonable to use the time that the signature was saved, since an attacker could not have taken advantage of any weaknesses found after that time.


impl StandardPolicy[src]

pub const fn new() -> Self[src]

Instantiates a new StandardPolicy with the default parameters.

pub fn at(time: SystemTime) -> Self[src]

Instantiates a new StandardPolicy with parameters appropriate for time.

time is a meta-parameter that selects a security profile that is appropriate for the given point in time. When evaluating an object, the reference time should be set to the time that the object was stored to non-tamperable storage. Since most applications don't record when they received an object, they should conservatively use the current time.

Note that the reference time is a security parameter and is different from the time that the object was allegedly created. Consider evaluating a signature whose Signature Creation Time subpacket indicates that it was created in 2007. Since the subpacket is under the control of the sender, setting the reference time according to the subpacket means that the sender chooses the security profile. If the sender were an attacker, she could have forged this to take advantage of security weaknesses found since 2007. This is why the reference time must be set---at the earliest---to the time that the message was stored to non-tamperable storage. When that is not available, the current time should be used.

pub fn time(&self) -> Option<SystemTime>[src]

Returns the policy's reference time.

The current time is None.

See StandardPolicy::at for details.

pub fn accept_hash(&mut self, h: HashAlgorithm)[src]

Always considers h to be secure.

pub fn reject_hash(&mut self, h: HashAlgorithm)[src]

Always considers h to be insecure.

pub fn reject_hash_at<N, R>(
    &mut self,
    h: HashAlgorithm,
    normal: N,
    revocation: R
) where
    N: Into<Option<SystemTime>>,
    R: Into<Option<SystemTime>>, 

Considers h to be insecure starting at normal for normal signatures and at revocation for revocation certificates.

For each algorithm, there are two different cutoffs: when the algorithm is no longer safe for normal use (e.g., binding signatures, document signatures), and when the algorithm is no longer safe for revocations. Normally, an algorithm should be allowed for use in a revocation longer than it should be allowed for normal use, because once we consider a revocation certificate to be invalid, it may cause something else to be considered valid!

A cutoff of None means that there is no cutoff and the algorithm has no known vulnerabilities.

As a rule of thumb, we want to stop accepting a Hash algorithm for normal signature when there is evidence that it is broken, and we want to stop accepting it for revocations shortly before collisions become practical.

As such, we start rejecting MD5 in 1997 and completely reject it starting in 2004:

In 1996, Dobbertin announced a collision of the compression function of MD5 (Dobbertin, 1996). While this was not an attack on the full MD5 hash function, it was close enough for cryptographers to recommend switching to a replacement, such as SHA-1 or RIPEMD-160.

MD5CRK ended shortly after 17 August 2004, when collisions for the full MD5 were announced by Xiaoyun Wang, Dengguo Feng, Xuejia Lai, and Hongbo Yu. Their analytical attack was reported to take only one hour on an IBM p690 cluster.

(Accessed Feb. 2020.)

And we start rejecting SHA-1 in 2013 and completely reject it in 2020:

Since 2005 SHA-1 has not been considered secure against well-funded opponents, as of 2010 many organizations have recommended its replacement. NIST formally deprecated use of SHA-1 in 2011 and disallowed its use for digital signatures in 2013. As of 2020, attacks against SHA-1 are as practical as against MD5; as such, it is recommended to remove SHA-1 from products as soon as possible and use instead SHA-256 or SHA-3. Replacing SHA-1 is urgent where it's used for signatures.

(Accessed Feb. 2020.)

Since RIPE-MD is structured similarly to SHA-1, we conservatively consider it to be broken as well.

pub fn hash_cutoffs(
    h: HashAlgorithm
) -> (Option<SystemTime>, Option<SystemTime>)

Returns the cutoff times for the specified hash algorithm.

Trait Implementations

impl Policy for StandardPolicy[src]

fn key(&self, _ka: &ValidKeyAmalgamation<PublicParts>) -> Result<()>[src]

Returns an error if the key violates the policy. Read more

impl<'a> From<&'a StandardPolicy> for Option<&'a dyn Policy>[src]

impl Default for StandardPolicy[src]

impl Clone for StandardPolicy[src]

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for StandardPolicy[src]

Auto Trait Implementations

Blanket Implementations

impl<T> From for T[src]

impl<T, U> Into for T where
    U: From<T>, 

impl<T> ToOwned for T where
    T: Clone

type Owned = T

impl<T, U> TryFrom for T where
    U: Into<T>, 

type Error = Infallible

The type returned in the event of a conversion error.

impl<T> Borrow for T where
    T: ?Sized

impl<T> BorrowMut for T where
    T: ?Sized

impl<T> Any for T where
    T: 'static + ?Sized

impl<T, U> TryInto for T where
    U: TryFrom<T>, 

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<V, T> VZip for T where
    V: MultiLane<T>,