Comments (7)
You're right. I wasn't being careful enough in my analysis. Having a message where 2 subsets of the content are signed, and both signatures verify, is definitely different from having a message where the entire message is signed and it verifies. We can't use NONREPUDIABLE for both.
I'm still thinking about the rest of what you said.
from aries-rfcs.
Really, really good questions.
The intent was that the NONREPUDIABLE attribute of an MTC would equate to what you are calling SIG_VERIFY_OK.
I agree that having a signature over a specific subset of a message's content, and having a signature over the entire message, muddies the water. But I wonder if incomplete signature verification is really useful; could we just say that either all signatures validate, or else the whole message is unworthy of the NONREPUDIABLE flag?
I'm feeling like we should shy away from extra complexity if we can get away with it, because right now code written by @dbluhm and code written by me are the only two impls I know of for MTCs, and I want to make it easy to pick up support; I think pretty good MTCs that are widely adopted would be better than highly precise, granular/recursive MTCs that feel too intimidating to back into impls.
That's just a quick gut reaction, though. I could be talked out of it.
from aries-rfcs.
I understand the reasoning to keep MTCs simple and I think I agree.
I agree that having a signature over a specific subset of a message's content, and having a signature over the entire message, muddies the water. But I wonder if incomplete signature verification is really useful; could we just say that either all signatures validate, or else the whole message is unworthy of the NONREPUDIABLE flag?
I'm not sure I follow here. If we did have a message with one or multiple signed subsets of content and the signatures verify, applying NONREPUDIABLE to the whole message would seem to imply that any contents outside of those subsets are also nonrepudiable which would not be true.
I wonder if a solution to the muddiness would be to let NONREPUDIABLE apply to whole messages and perhaps have custom trust attributes for specific fields of a message that have been signed. Going back to my original example from the connection protocol, as a signature verifying pre-processor successfully verifies the connection~sig
decorated field, it could add CONNECTION_SIG_VERIFIED. This may still be falling into "highly precise" land and I'm still not quite certain the benefits outweigh the added complexity.
from aries-rfcs.
This is an interesting angle that reinforces my thinking that the ~sig
decorator may be more complex than we originally thought. I agree with the analysis that @dbluhm has provided around needing to provide attribute specific MTCs for the ~sig
decorator. I wonder if this is limited to this decorator only (because it's cryptographic in nature) or if this is more common to all decorators.
from aries-rfcs.
With the move to use ~attach
with a signature instead of ~sig
, I think a solution becomes clearer; attached documents can be more cleanly thought of as separate messages with their own associated trust context, with some of its attributes being inherited from the parent message.
from aries-rfcs.
@dbluhm agreed to do some RFC Updates to capture tribal knowledge. Will close after that has happened.
from aries-rfcs.
PR #346 in with a small update to the MTC RFC that attempts to capture the outcome of this discussion. I'll go ahead and close this issue.
from aries-rfcs.
Related Issues (20)
- RFC 0592 Proof Request includes nonce that is also required for a proof proposal HOT 2
- Outdated "problem_report" in Connection Protocol HOT 2
- Inconsistency in DIDComm mime-type HOT 1
- Issue Credential: initiate with issue message HOT 10
- Eliminate the use of %VER in the RFCs in favor of the explicit version in the method IDs
- Credential attribute for images/photos HOT 4
- [string](string) does not exist
- Add "watermark" to the Meta Overlay in the OCA for Aries RFCs HOT 1
- Message Content Type HOT 2
- Signal holder app when a transaction is done
- Credential Metadata about how to get a credential
- #0453 V2 issue-credential: review HOT 2
- Clarification on encoding format of attachment data in `Delivery` message of RFC-0685-pickup-v2 HOT 1
- Out of band - proposing change ( `services` VS `from` ) HOT 1
- Clarity on nullability of `credential_preview` in issue-credential-v2 offers (Aries RFC 0453) HOT 8
- add clarification to RFC 0510 on how to use with JWT VPs
- Is a JSON string valid to be used in attachment data `json`?
- Special case of threading in didexchange #0023 ? HOT 9
- Using `oobUrl` in `didcomm://` deeplink for linking with shortened url HOT 6
- List of additions to the published Aries RFCs mkdocs/gh-pages Website
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aries-rfcs.