(I have't read the patch, or even earlier correspondence in this
thread, so I apologise for just jumping in.)
At 2014-09-12 12:50:45 -0300, alvherre@2ndquadrant.com wrote:
>
> +1 for ignoring sigs. If somebody want to check sigs, that's a
> separate step.
For what it's worth, although it seems logical to split up cryptographic
primitives like this, I think it's widely recognised these days to have
contributed to plenty of bad crypto implementations. These seems to be
general trend of moving towards higher-level interfaces that require
fewer decisions and can be relied upon do the Right Thing.
I don't like the idea of ignoring signature verification errors any more
than I would like "if somebody wants to check the HMAC before decypting,
that's a separate step".
Of course, all that is an aside. If the function ever threw an error on
signature verification failures, I would strongly object to changing it
to ignore such errors for exactly the reasons you mention already.
-- Abhijit