SignatureGated API does not enforce semantically-correct use
When cryptographic signatures are in use, it is necessary for the verifier to know what key they expect a document to be signed by. Usually, this is some other key than one contained within the document (i.e., for most security purposes, a self-signature is not very interesting).
Crypto APIs should be designed so that they encourage correct use and so that incorrect (insecure) use is difficult to do by accident.
SignatureGated has an innocently-named check_signature method which takes no indication of the public key(s) to use. It performs a self-signature check. This invites a mistake where a programmer who has a SignatureGated calls check_signature expecting it to be checked against some ambient idea of what we ought to be trusting (e.g., the directory authorities, maybe).
Given the nontrivial trust relationships in the Tor network, fixing this is going to involve inspecting call sites etc. This is definitely a task for a rainy day.
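As an added illustration (not Arti's code; the names ToyKey, GateError and the hash-based toy signature are assumptions), a key-aware SignatureGated in Rust: check_signature consumes the gated value and requires the caller to name the trusted keys, verifying with the caller's copy of the key, while the self-signature check keeps a name that says what it actually proves.

```rust
// Added example, not Arti's code: a SignatureGated whose check names its keys.
#[derive(Clone, PartialEq, Eq, Debug)]
pub struct KeyId(pub String); // a real system would use a key fingerprint
/// Toy key so the example runs without a crypto crate: `sign` is FNV-1a over
/// secret || msg. This only models the API shape; it is NOT a real signature.
#[derive(Clone)]
pub struct ToyKey { pub id: KeyId, secret: Vec<u8> }
impl ToyKey {
    pub fn new(id: &str, secret: &[u8]) -> Self {
        ToyKey { id: KeyId(id.to_string()), secret: secret.to_vec() }
    }
    pub fn sign(&self, msg: &[u8]) -> Vec<u8> {
        let mut h: u64 = 0xcbf29ce484222325;
        for b in self.secret.iter().chain(msg) {
            h = (h ^ u64::from(*b)).wrapping_mul(0x100000001b3);
        }
        h.to_be_bytes().to_vec()
    }
    pub fn verify(&self, msg: &[u8], sig: &[u8]) -> bool { self.sign(msg) == sig }
}
#[derive(Debug, PartialEq)]
pub enum GateError { UntrustedSigner(KeyId), BadSignature }
/// A signed document whose payload is unreachable until a named key checks it.
pub struct SignatureGated<T> {
    inner: T,
    signed_bytes: Vec<u8>,
    signature: Vec<u8>,
    embedded_key: ToyKey, // key carried in the document; source of a self-signature
}
impl<T> SignatureGated<T> {
    pub fn new(inner: T, signed_bytes: &[u8], key: &ToyKey) -> Self {
        let signature = key.sign(signed_bytes);
        SignatureGated { inner, signed_bytes: signed_bytes.to_vec(), signature, embedded_key: key.clone() }
    }
    /// Correct use: the caller states which keys it trusts, and verification uses
    /// the caller's copy of the key, never the one carried inside the document.
    pub fn check_signature(self, trusted: &[ToyKey]) -> Result<T, GateError> {
        let key = trusted.iter().find(|k| k.id == self.embedded_key.id)
            .ok_or_else(|| GateError::UntrustedSigner(self.embedded_key.id.clone()))?;
        if key.verify(&self.signed_bytes, &self.signature) { Ok(self.inner) }
        else { Err(GateError::BadSignature) }
    }
    /// The ambient check the issue warns about, renamed so its weakness is visible:
    /// it proves only that the document is internally consistent.
    pub fn check_self_signature(&self) -> bool {
        self.embedded_key.verify(&self.signed_bytes, &self.signature)
    }
}
```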