-
Notifications
You must be signed in to change notification settings - Fork 278
Notary 2015 NCC security audit review #356
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
Thanks for bringing this to our attention.
|
I just ran into this issue. Is this worth reviewing? |
There was a lot of discussion about the Signature Algorithm Not Matched to Key issue in #425 which was resolved with TAP 9. |
Yeah, didn't we already fix this? |
We did, I will close this issue now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Notary commissioned a security audit of their code last year. Even though it was not of the Python code or specification, there are some items that are worth checking in the reference code and addressing in the specification.
method
should be removed from the specification and each key type should only have one associated signature method. This mitigates this potential implementation bug completely.The rest of the issues are specific to Notary and not relevant to the Python implementation or specification.
The text was updated successfully, but these errors were encountered: