VerifyRevocationSignature is misnamed

[andrewgdotcom]

(PublicKey)VerifyRevocationSignature appears also to be able to verify any direct signature. Is this intentional? And can I rely on it always working for direct certifications? :-)

[lubux]

Hi, good question. Yes, it should work since direct-key signatures are computed on the same hash of the key to be signed, and the signature types are not checked.
The next update of the go-crypto library includes a dedicated function to verify direct-key signatures although the logic is the same.

[andrewgdotcom]

Thanks, that's what it looked like from the code but I wanted to make sure it wouldn't unexpectedly break at some point in the future if I relied upon it. :-)