From 35fc59f761c4ca81e192c992d81e4cc439ce76be Mon Sep 17 00:00:00 2001
From: Rodolphe Breard <rodolphe@what.tf>
Date: Tue, 8 Sep 2020 18:11:51 +0200
Subject: [PATCH] Remove the signature algorithm from the key hash The key hash
 is responsible for the initiation of a key rollover on endpoints. Therefore,
 it should differ only when such an action is required, which is only if the
 key pair has changed. For this, hashing the public key is sufficient. Adding
 the signature algorithm will generate unnecessary key rollovers.

---
 acmed/src/account.rs | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/acmed/src/account.rs b/acmed/src/account.rs
index cab6ca2..63f7ce5 100644
--- a/acmed/src/account.rs
+++ b/acmed/src/account.rs
@@ -282,8 +282,6 @@ fn hash_contacts(contacts: &[contact::AccountContact]) -> Vec<u8> {
 }
 
 fn hash_key(key: &AccountKey) -> Result<Vec<u8>, Error> {
-    let mut msg = key.signature_algorithm.to_string().into_bytes();
     let pem = key.key.public_key_to_pem()?;
-    msg.extend_from_slice(&pem);
-    Ok(HashFunction::Sha256.hash(&msg))
+    Ok(HashFunction::Sha256.hash(&pem))
 }