Merge keys when updating an exisiting key

This is needed to prevent roll back attacks where the attacker push us to accept a key with an old expiration date that could be use to push an untrusted key when after it's expiration.
author: Ruben Pollan <meskio@sindominio.net> 2014-10-30 21:54:32 -0600
committer: Ruben Pollan <meskio@sindominio.net> 2014-11-04 11:53:24 -0600
commit: d9df76ea2504a78865209cda3ae6e41613d5e5aa (patch)
tree: 849c1ef4a0cd3911bc6469526f333cb613e5946f /src/leap/keymanager/validation.py
parent: a5cf287dabc77b7172c2f058696cee1024ea3297 (diff)
1 files changed, 0 insertions, 1 deletions
diff --git a/src/leap/keymanager/validation.py b/src/leap/keymanager/validation.py
index 6dceb78..7d68966 100644
--- a/src/leap/keymanager/validation.py
+++ b/src/leap/keymanager/validation.py
@@ -73,7 +73,6 @@ def can_upgrade(new_key, old_key):
 
     # An update of the same key
     if new_key.fingerprint == old_key.fingerprint:
-        # XXX wich one is newer? is that a downgrade attack? (#6210)
         return True
 
     # Manually verified fingerprint
author	Ruben Pollan <meskio@sindominio.net>	2014-10-30 21:54:32 -0600
committer	Ruben Pollan <meskio@sindominio.net>	2014-11-04 11:53:24 -0600
commit	d9df76ea2504a78865209cda3ae6e41613d5e5aa (patch)
tree	849c1ef4a0cd3911bc6469526f333cb613e5946f /src/leap/keymanager/validation.py
parent	a5cf287dabc77b7172c2f058696cee1024ea3297 (diff)