New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Phase 2: trust authorities #16

Merged
merged 19 commits into from Jan 11, 2019

Conversation

Projects
None yet
2 participants
@vabd
Copy link
Member

vabd commented Jan 4, 2019

No description provided.

@vabd

This comment has been minimized.

Copy link
Member

vabd commented Jan 5, 2019

Right, so I believe everything's here, opening it for public review.

@vabd vabd added scsp:review and removed scsp:wip labels Jan 5, 2019

@vabd vabd requested a review from Informo/informo-core-team Jan 5, 2019

@GordonF42
Copy link
Member

GordonF42 left a comment

Yay ! :)

I put some thoughts on data model optimisation and some obligations.

I was also wondering if we should add some signatures to the suggested_trust_authorities list.
Server admins could send fake suggested_trust_authorities to lure users into bad TAs, but right now I don't see major benefits nor a good way to secure it properly.

Show resolved Hide resolved content/trust-management/trust-authority.md Outdated
Show resolved Hide resolved content/trust-management/trust-authority.md Outdated
Show resolved Hide resolved content/trust-management/trust-authority.md Outdated
Show resolved Hide resolved content/trust-management/trust-authority.md Outdated
Show resolved Hide resolved content/trust-management/trust-authority.md Outdated
Show resolved Hide resolved content/trust-management/trust-authority.md Outdated
Show resolved Hide resolved content/trust-management/trust-authority.md
Show resolved Hide resolved content/trust-management/trust-authority.md
Show resolved Hide resolved content/trust-management/trust-authority.md Outdated
Show resolved Hide resolved content/trust-management/trust-authority.md

@vabd vabd requested a review from Informo/informo-core-team Jan 8, 2019

@GordonF42
Copy link
Member

GordonF42 left a comment

LGTM :)

@vabd

This comment has been minimized.

Copy link
Member

vabd commented Jan 9, 2019

Well that was quick 😛
Will merge in two days unless someone has any objection!

@vabd

This comment has been minimized.

Copy link
Member

vabd commented Jan 9, 2019

Actually, I missed the whole trust level part, and forgot to update examples. Please take another look.

@vabd vabd requested a review from Informo/informo-core-team Jan 9, 2019

| ----------------| ----------------- | :--: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `signature` | `string` | x | Signature generated from a `signedObject`, containing the entity's registration event, using one of the trust authority's public keys and the algorithm provided under `sig_algo`. |
| `level` | `integer` | | The trust level the TA trusts the entity with. Only valid when the entity is another TA. |
| `reason` | `localisedString` | | Reason given by the TA explaining why they trust this source or other TA. |

This comment has been minimized.

@GordonF42

GordonF42 Jan 10, 2019

Member

I'm not a big fan of sources having a level property: if the TA is trusted (has a TL >= 0), then all its sources are trusted and the level property tied to a source is not used / has no meaning

| `reason` | `localisedString` | | Reason given by the TA explaining why they trust this source or other TA. |
| Parameter | Type | Req. | Description |
| ----------------| ----------------- | :--: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `signature` | `string` | x | Signature generated from a `signedObject`, containing the entity's registration event, using one of the trust authority's public keys and the algorithm provided under `sig_algo`. |

This comment has been minimized.

@GordonF42

GordonF42 Jan 10, 2019

Member

You should add a link about signing JSON data (/information-distribution/signature/#signing-json-data), either in the table or below in the signedObject description

@vabd vabd requested a review from Informo/informo-core-team Jan 10, 2019

@vabd vabd force-pushed the vabd/trust-authority branch from 0f16f55 to 44a53e5 Jan 10, 2019

@GordonF42
Copy link
Member

GordonF42 left a comment

LGTM™

@vabd

This comment has been minimized.

Copy link
Member

vabd commented Jan 10, 2019

Awesome! Merging this tomorrow as it will reach the 7 days mark then 🙂

@vabd vabd merged commit c0f7d05 into master Jan 11, 2019

@vabd vabd added scsp:merged and removed scsp:review labels Jan 11, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment