From d9df76ea2504a78865209cda3ae6e41613d5e5aa Mon Sep 17 00:00:00 2001
From: Ruben Pollan <meskio@sindominio.net>
Date: Thu, 30 Oct 2014 21:54:32 -0600
Subject: Merge keys when updating an exisiting key

This is needed to prevent roll back attacks where the attacker push us
to accept a key with an old expiration date that could be use to push an
untrusted key when after it's expiration.
---
 src/leap/keymanager/validation.py | 1 -
 1 file changed, 1 deletion(-)

(limited to 'src/leap/keymanager/validation.py')

diff --git a/src/leap/keymanager/validation.py b/src/leap/keymanager/validation.py
index 6dceb78..7d68966 100644
--- a/src/leap/keymanager/validation.py
+++ b/src/leap/keymanager/validation.py
@@ -73,7 +73,6 @@ def can_upgrade(new_key, old_key):
 
     # An update of the same key
     if new_key.fingerprint == old_key.fingerprint:
-        # XXX wich one is newer? is that a downgrade attack? (#6210)
         return True
 
     # Manually verified fingerprint
-- 
cgit v1.2.3