use the signature as revocation id

biscuit-auth · Sep 9, 2021 · 040c204 · 040c204
1 parent 6092bd1
commit 040c204
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/SPECIFICATIONS.md b/SPECIFICATIONS.md
@@ -377,12 +377,9 @@ ambient data from the request, lists of users and roles, etc.
 ##### Revocation identifiers
 
 The verifier will generate a list of facts indicating revocation identifiers for
-the token. They are calculated as follows:
-- perform a SHA256 hash of the authority block and the root key
-- generate the hash value, store it as `revocation_id(0, <byte array of the hash)`
-- for each following block:
-  - continue from the previous hash, update with the current block and its public key
-  - generate the hash value, store it as `revocation_id(<block index>, <byte array of the hash)`
+the token. The revocation identifier for a block is its signature (as it uniquely
+identifies the block) serialized to a byte array (as in the Protobuf schema).
+For each of these if, a fact `revocation_id(<index of the block>, <byte array>)` will be generated
 
 ##### Verifying