Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Further clarification on (partial) resolution #131

Open
andrewwhitehead opened this issue Nov 14, 2024 · 1 comment
Open

Further clarification on (partial) resolution #131

andrewwhitehead opened this issue Nov 14, 2024 · 1 comment

Comments

@andrewwhitehead
Copy link
Contributor

In the Read (resolve) section there is this paragraph:

On completing the processing and successful verification of all entries in the DID Log, respond to the DID resolution request, including the application of DID query parameters such as ?versionId= and ?versionTime= with the appropriate DIDDoc version and content.

While I don't disagree with this there are a couple side effects to consider.

  • Is it the rule that a more recent, invalid log entry will prevent resolution of an earlier versionId/versionTime? ie. Users would no longer be able to resolve a previous valid entry because the log itself appears corrupt. This seems like a good policy from a security perspective.
  • I think it might be also relevant when defining the behaviour of a cache, because the entire log file would always need to be processed/verified instead of needing to account for partial verifications. We would also need to define the expiry of a corrupted log, so that an unauthenticated/unwitnessed attack on a log file could be recovered from.
  • The witness verification algorithm would also depend on this decision. It becomes more complicated if parsing of the log file might abort early.
@brianorwhatever
Copy link
Contributor

Is it the rule that a more recent, invalid log entry will prevent resolution of an earlier versionId/versionTime? ie. Users would no longer be able to resolve a previous valid entry because the log itself appears corrupt. This seems like a good policy from a security perspective.

I don't think this should be the behaviour as there is nothing invalid about that previous entry

I think it might be also relevant when defining the behaviour of a cache, because the entire log file would always need to be processed/verified instead of needing to account for partial verifications. We would also need to define the expiry of a corrupted log, so that an unauthenticated/unwitnessed attack on a log file could be recovered from.

yeah definitely.. however less of an issue if we allow early resolution (previous entries aren't invalidated)

The witness verification algorithm would also depend on this decision. It becomes more complicated if parsing of the log file might abort early.

Witnesses shouldn't be asked to sign an earlier version in fact we should disallow it. so for them processing should never abort early

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brianorwhatever @andrewwhitehead