Trust Tokens: Clarify a comment in ExpiryInspectingRecordExpiryDelegate

ExpiryInspectingRecordExpiryDelegate uses Trust Tokens signed redemption records' associated token issuance verification keys in order to decide whether a given signed redemption record has expired. This is a little subtle, because signed redemption records *also* have associated public- key signatures, verified by "signed redemption record verification keys," which are distinct from SRRs' associated token issuance verification keys. For the most part, the comments in expiry_inspecting_record_expiry_delegate.{h,cc} go out of their way to make the distinction explicit, but there was a comment that mentioned the SRR's "verification key", rather than its associated token issuance verification key. This patch updates the comment in question to be clearer. Tbr: svaldez@chromium.org Change-Id: I87f45aa411c9c4462bf7fd4ce00a92ca41056daa Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2429304Reviewed-by: Steven Valdez <svaldez@chromium.org> Reviewed-by: David Van Cleve <davidvc@chromium.org> Commit-Queue: Steven Valdez <svaldez@chromium.org> Cr-Commit-Position: refs/heads/master@{#810345}

Trust Tokens: Clarify a comment in ExpiryInspectingRecordExpiryDelegate
ExpiryInspectingRecordExpiryDelegate uses Trust Tokens signed redemption records' associated token issuance verification keys in order to decide whether a given signed redemption record has expired. This is a little subtle, because signed redemption records *also* have associated public- key signatures, verified by "signed redemption record verification keys," which are distinct from SRRs' associated token issuance verification keys. For the most part, the comments in expiry_inspecting_record_expiry_delegate.{h,cc} go out of their way to make the distinction explicit, but there was a comment that mentioned the SRR's "verification key", rather than its associated token issuance verification key. This patch updates the comment in question to be clearer. Tbr: svaldez@chromium.org Change-Id: I87f45aa411c9c4462bf7fd4ce00a92ca41056daa Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2429304Reviewed-by: Steven Valdez <svaldez@chromium.org> Reviewed-by: David Van Cleve <davidvc@chromium.org> Commit-Queue: Steven Valdez <svaldez@chromium.org> Cr-Commit-Position: refs/heads/master@{#810345}
e5224d54 · David Van Cleve · Commit Bot · 4164d4f2 · e5224d54
Commit e5224d54 authored Sep 24, 2020 by David Van Cleve Committed by Commit Bot Sep 24, 2020
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

services/network/trust_tokens/expiry_inspecting_record_expiry_delegate.cc .../trust_tokens/expiry_inspecting_record_expiry_delegate.cc +4 -3

No files found.
--- a/services/network/trust_tokens/expiry_inspecting_record_expiry_delegate.cc
+++ b/services/network/trust_tokens/expiry_inspecting_record_expiry_delegate.cc
@@ -93,9 +93,10 @@ bool ExpiryInspectingRecordExpiryDelegate::IsRecordExpired(
  // changed (due to data corruption) or the commitments changed (due to an
  // overwrite by the key commitments' producer, or due to data corruption).
  //
-  // In both cases, the SRR's verification key doesn't correspond to the current
-  // key commitments we possess for the issuer, because we don't have any
-  // key commitments whatsoever for the issuer: mark the record as expired.
+  // In both cases, the SRR's associated token-issuance verification key isn't
+  // present in the current key commitments we possess for the issuer, because
+  // we don't have any key commitments whatsoever for the issuer: mark the
+  // record as expired.
  if (!key_commitments)
    return true;