v1.0 (#1)#18
Conversation
|
(cc @hugomrdias if you have time) |
| 2. Such a strategy also MAY require accounting for revocation of the signing keys themselves. In this case, the cache would need to include additional information about the signing key. | ||
|
|
||
| ## 2.2 Raw (Noncanonicalized) Data | ||
| # Format |
There was a problem hiding this comment.
everything above this section IMO should be removed! IPLD, CID, etc, etc
this spec SHOULD not care about any of it
There was a problem hiding this comment.
This spec is for signing over IPLD data — the motivation came from being unable to sign IPLD payloads. It would be called "multisig" except that's the name of an existing concept (namespace conflict). Part of the motivation is that we can't sign over IPLD data without knowing the serialisation and whatnot. If someone wants to sign non-IPLD data, they can use the raw encoding prefix.
We could split these into separate specs, but I'm not sure how different that would look in practice compared to us having the payload encoding at the final field. There exist canonicalisation attacks possible if you don't include the exact encoding detail in the header (JWT etc also do this for the same reason)
There was a problem hiding this comment.
it has that benefit of helping ipld data signatures but not restrict to it.
we talk about EIP191 and JWT in which the payload is not ipld data (or may not be).
If someone wants to sign non-IPLD data, they can use the raw encoding prefix.
what does this mean? itsnt varsig just a bunch of prefixes?
On the other hand, the non-IPLD data schemes we want to support are strange to combine with varsig,
- JWT: i dont even know how to do JWT with varsig cause JWT is kinda similar to varsig just a json header
- EIP191: you are supposed to sign UTF8 string using personal_sign but you can encode varsig+payload and it works
- webauthn: still need to recheck this but im guessing we will put varsig+payload in the challenge as a string or a CID
|
For anyone following along, Hugo and I chatted out of band about design motivation and mostly I need to explain what is in and what's out for the spec ("it's all metadata") |
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
Co-authored-by: Hugo Dias <hugomrdias@gmail.com>
|
@expede let's merge this ? |
| > The JSON above contains a duplicate `role` key. | ||
|
|
||
| Next, the application parses the JSON with the browser's native JSON parser. | ||
| Next, the application parses the JSON with the browser's native JSON parser. Only one `role` key is possible in a JavaScript object, and which one is kept is not consistency across implementations. |
There was a problem hiding this comment.
| Next, the application parses the JSON with the browser's native JSON parser. Only one `role` key is possible in a JavaScript object, and which one is kept is not consistency across implementations. | |
| Next, the application parses the JSON with the browser's native JSON parser. Only one `role` key is possible in a JavaScript object, and which one is kept is not consistent across implementations. |
|
|
||
| message-byte-length = unsigned-varint | ||
| ```abnf | ||
| varsig-header = %x34 signature-algorithm-metadata payload-encoding-metadata |
There was a problem hiding this comment.
This is folded when I view the mark-down, so maybe my obsession with formal grammars finally helped someone :) - The ABNF needs a version field right after the prefix. Since v0 is implied if this field is absent, I guess it's optional here.
|
|
||
| algo_header["Algorithm"] | ||
|
|
||
| block:AlgoBody |
There was a problem hiding this comment.
In v0.1.0-rc1, the order of the signing algorithm fields for RSA was RSA=0x1205, hash=SHA2-256=0x12, key length - is there a rationale for switching the order of the latter two fields?
There was a problem hiding this comment.
Looking closer, the examples in common.md have the same field order as the v0.1.0-rc1 documentation so I think this is just a typo in the diagram.
| | Segment | Hexadecimal | Unsigned Varint | Comment | | ||
| |------------------------|-------------|-----------------|----------------------------------| | ||
| | `eddsa-prefix` | `0xED` | `0xED01` | EdDSA prefix | | ||
| | `eddsa-curve` | `0xED` | `0xEC01` | edwards25519 [multicodec] prefix | |
|
|
||
| | Segment | Hexadecimal | Unsigned Varint | Comment | | ||
| |------------------------|-------------|-----------------|----------------------------------| | ||
| | `eddsa-prefix` | `0xED` | `0xED01` | EdDSA prefix | |
There was a problem hiding this comment.
There's a draft multicodec.Code for EdDSA that's 0xd0ed and is labeled that it was created for varsig, should that be used here since 0xed is specifically the Ed25519 curve (technically the pub key)
There was a problem hiding this comment.
When working with Varsig, you can safely ignore Multicodec entries.
Varsig sometimes puns on Multicodec values, but they're distinct values. Varsig's only relationship to multicodec is that Varsig itself has an entry in Multicodec. Multicodec is very difficult to get changes into (sometime 6+ months lag time), so we can add stuff to this spec much more easily.
| 1. Signing CIDs enables a simple strategy for caching validation by CID. | ||
| 2. Such a strategy also MAY require accounting for revocation of the signing keys themselves. In this case, the cache would need to include additional information about the signing key. | ||
| * [Prefix]: The Varsig [multicodec] prefix `0x34` | ||
| * [Version]: The Varsig version number `0x01` |
There was a problem hiding this comment.
I'm happy to see the addition of a version number for the varsig encoding. This may very well be the wrong spot for this question but ... In this section of the UCAN spec, the .1.h field description says it's a Varsig v1 header. In the example JSON just below the diagram, the value NBIFEgEAcQ decodes to a Varsig v0 that's missing its signature bytes. The go-varsig implementation therefore currently allows Varsig v0 decoding that have the correct number of signature bytes OR with zero signature bytes (in which case both an error is returned as well as the decoded value - ugh). I'm hoping you'll tell us to go fix our UCAN implementation and that we can deprecate the v0 code in go-varsig.
There was a problem hiding this comment.
Yes, feel free to deprecate any Varsig v0 code. I'll update the UCAN spec to fix that prefix, and I'll merge this PR momentarily to clear up the Varsig end 👍
Done ✅ |
4 participants
This has been sitting on a fork for a while. It makes a bunch of parts of the spec more consistent, and addresses design criticism of the v0.1. It also includes (IMO) better examples.