On 2025-04-28 09:07, Carsten Bormann wrote:

> On 2025-04-28, at 09:03, Anders Rundgren <[email protected]> wrote:
>
>>> (How do you know the extent of the data being covered by the signature?)
>>
>> Good question! In the current solution, this is defined by validation policies
>> set at the API level.
>
> You need a *mechanism* for checking the signature; it is dangerous to leave
> that to *policy* as it is too easy for an attacker to find cracks in these
> policies.
>
> (Yes, “checking” the signature goes beyond mechanism where you check whether
> the signature *authorizes* a specific action; but I’m still talking about the
> *authentication* of the signature here.)
>
> Grüße, Carsten

I'm not sure what you are looking for here. Policies in the existing
implementation are dynamic and mostly based on interfaces [*]. By default the
validation API is pretty locked down.

What I was trying to say is that adding policy-related meta-data would
complicate implementations, while signers still can (technically) do whatever
they want.

This will (hopefully...) be clearer the day I convert the GitHub signature page
to a freestanding I-D.

Anyway, if you have a concrete example of what you believe should change, I'm
all ears. Well, with the reliance on deterministic encoding as a prominent
exception :)

Cheers,
Anders

*]
https://github.com/cyberphone/openkeystore/blob/572f158d97343c1dc312512fc128583c31163a82/library/src/org/webpki/cbor/CBORAsymKeyValidator.java#L103
_______________________________________________
CBOR mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
COSE mailing list -- [email protected]
To unsubscribe send an email to [email protected]