v0.5.0-rc.3

Added

• Revocation of previously issued credentials (see documentation)
• Support HTTP/2 in IRMA server and app
• Option --skip-permission-keys-check to IRMA server disabling checking that all required private keys are present in the server configuration
• Various additions to irmaclient for the new IRMA app, among others:
  • Several new fields in irma.CredentialType for specifying e.g. help messages and card colors
  • Added developer mode enabling non-HTTPS connections to IRMA servers for local testing (see below)

Changed

• Use go modules instead of dep for tracking and locking dependencies

Fixed

• Problems with --privkeys option to IRMA server
• irmaserver HTTP handler returns 404 an 405 as JSON error messages as expected
• Consistently use a docopt/git/aptitude like format for usage sections in help of irma subcommands
• Incorrect default value of --url flag to irma session subcommand
• IRMA server no longer allows nonsensical wildcard usage in requestor permissions

Security

• irma command, IRMA server and irmaclient will now enforce HTTPS for outgoing connections more strictly
• Update supported TLS ciphers and curves for IRMA server
• Fixed potential bug allowing MitM attacker to arbitrarily change installed schemes
• Fixed potential DoS attack in IRMA server endpoints (sending it large amounts of data or keeping connections open indefinitely)
• irma issuer keygen now has default keylength 2048
• Added various sanity checks to files and file paths
• Fixed potential scheme downgrade attack when installing/updating schemes in MitM scenarios