cicada-solvers / isitcicada Goto Github PK

since the initial release of IsItCicada, there were some rather large changes to how every part of the library works and this has been more or less ignored because of time needed to change.

It may be time to start over with a new version of the library.

as title, openpgp.js ignores hash headers in signatures leaving them open to custom messages

Internal task/todo.

The site could have better feedback for the following cases

• Data before and after the message (not part of the verified data)
• Comment headers (non-verified data)
• Whitespace messages (ignored by the standard)

Of course, this should be done in a way that doesn't clutter output or confuse the user.

I'll work on this soon and try to complete these tasks.

while isistcicada verifies --clearsign messages, it doesn't verify --sign messages yet.

While OpenPGP.JS supports this, the pre-validation steps IsItCicada does (as an attempt to add more warnings than OpenPGP and GPG do) overzealously excludes this message format.

while isistcicada verifies a select few headers we usually see in an attempt to stem possible gamejacking attempts, it mistakenly excludes other valid headers that are defined in standard (but we generally don't see in-game).

While OpenPGP.JS supports this, the pre-validation steps IsItCicada does (as an attempt to add more warnings than OpenPGP and GPG do) overzealously excludes this - as in the previous ticket also.

as topic, bug found in commit f9cab99 but it probably already existed.

Comment headers in the signature area are considered to be invalid, when they're explicit allowed by verify_text_header. I'll have to research why this is.

This was found because after the update, verifying returns more information and test-case 11 (good sig from wrong person) was shown to be giving the wrong error code.

I think it's time we drop the old syntaxes (and the free lunch of legacy browsers like IE) for the sake of clarity and move to ES5 or ES6 syntax.

Maybe even take on a webpack process so we can maintain support while still having support.