Abstract
A proposal to move the signature out of the individual announcement in a batch file and allow the implementation layer to choose how to validate batches.
Proposing for Ethereum, that the transaction with a batch publication should be signed by a delegate of the DSNP Ids in the batch.
Terms
- First Party: The owner of the DSNP Id.
- Second Party: A delegate of the DSNP Id, but not the owner. Often a service provider.
- Third Party: An actor that is cryptographically disconnected from the DSNP Id(s).
Motivation
- Simplicity in the spec
- Flexibility at the implementation layer
- (Ethereum) Increase in batch submission transparency
Specification Pull Request
Current change pull request: #183
Rationale
Half of the requirement in validation of an announcement was already at the implementation layer.
This proposal extends that to the entire question of how to validate an announcement.
This allows more freedom in the implementation to validate announcements in a variety of ways including at write-time instead of just read-time.
The other motivations draw from the implementation solution:
- Transparency increase. By cryptographically linking the batch to the delegate, users can know which delegates are honest and maintaining data availability.
- Batch file size is reduced.
- The work for validation is reduced to merely checking that the transaction sender is a delegate for each
fromId in the batch.
Backwards Compatibility
This is a spec breaking change!
- Announcement structure drops a field and validation is completely altered.
- Tombstones are broken! We would need to update Tombstones to use the
DSNP Announcement URI likely.
- Therefore this DIP will require DSNP to increase the minor version.
Migration Options:
- Ignore previous data from DSNP.
- Consider previous data from DSNP to be valid.
- Have a migration block number per implementation.
For future changes like this, it would likely require 3.
For now, we can just do 1 or 2.
Ethereum
No changes need to be made in Ethereum contracts to support this change.
SDKs
SDKs will need to be upgraded to support the changes.
Tombstone Announcement
Tombstone announcements will need to be updated to target something besides the signature
Reference Implementation and/or Tests
Security Considerations
This might appear to increase the level of trust that a user must have in a delegate, but the trust was just hidden before.
Previously, an app would need to either ask the user's trusted wallet to sign every announcement, have a key in the app, or have a backend service signing announcements.
The user's wallet option is secure, but not a great experience for the user.
Even if there was a way for the wallet to background approve, the multi-device nature of the world makes it a difficult setup without then also relying on web wallets.
The expected outcome is that apps would lean toward having a key in their client or at the server level which is a hidden layer of trust.
The proposal moves towards an explicit 2nd party trust model for most users.
It is a limit on the option of relying on a user's trusted wallet to interact with apps unless the user also publishes their own batches.
Dependencies
References
None
Copyright
Copyright and related rights waived via CC0.
Abstract
A proposal to move the signature out of the individual announcement in a batch file and allow the implementation layer to choose how to validate batches.
Proposing for Ethereum, that the transaction with a batch publication should be signed by a delegate of the DSNP Ids in the batch.
Terms
Motivation
Specification Pull Request
Current change pull request: #183
Rationale
Half of the requirement in validation of an announcement was already at the implementation layer.
This proposal extends that to the entire question of how to validate an announcement.
This allows more freedom in the implementation to validate announcements in a variety of ways including at write-time instead of just read-time.
The other motivations draw from the implementation solution:
fromIdin the batch.Backwards Compatibility
This is a spec breaking change!
DSNP Announcement URIlikely.Migration Options:
For future changes like this, it would likely require 3.
For now, we can just do 1 or 2.
Ethereum
No changes need to be made in Ethereum contracts to support this change.
SDKs
SDKs will need to be upgraded to support the changes.
Tombstone Announcement
Tombstone announcements will need to be updated to target something besides the signature
Reference Implementation and/or Tests
Security Considerations
This might appear to increase the level of trust that a user must have in a delegate, but the trust was just hidden before.
Previously, an app would need to either ask the user's trusted wallet to sign every announcement, have a key in the app, or have a backend service signing announcements.
The user's wallet option is secure, but not a great experience for the user.
Even if there was a way for the wallet to background approve, the multi-device nature of the world makes it a difficult setup without then also relying on web wallets.
The expected outcome is that apps would lean toward having a key in their client or at the server level which is a hidden layer of trust.
The proposal moves towards an explicit 2nd party trust model for most users.
It is a limit on the option of relying on a user's trusted wallet to interact with apps unless the user also publishes their own batches.
Dependencies
contentHash#180References
None
Copyright
Copyright and related rights waived via CC0.