New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update trustping.md #272
Update trustping.md #272
Conversation
I vote that |
How is identifier authentication being done now? Couldn't we rely on that methodology to get it instead? |
You mean authenticated encryption? That is the method I'm expecting we rely on. |
So I think the issue here is that the "Trust Ping" protocol becomes just the "Ping" protocol when completed using anonymous encryption. I don't believe there is a way to authenticate in this case and all we will be able to rely on is a self declared |
If you just send out a trust ping to a previously unknown contact using anoncrypt, yes. But you can use an existing connection and (I think, if I've been following the conversation), the message would be delivered using authcrypt. I don't see a need to change the name. The information about using the DIDComm 2 with and without a connection should be general information and need not be tied to each protocol. |
I've proposed in #274 that we make from required. That clears up several things, including this confusion about a trustpring without a from. Thoughts? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@brianorwhatever I guess we can remove the from after we merged #274
docs/spec-files/trustping.md
Outdated
**from**: is required if a response is requested so that the receiver knows where to send the response | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@brianorwhatever I guess we can remove the from
after we merged #274
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks @awoie
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm after removing the from
language, but merge should wait until #274 got merged
Co-authored-by: Oliver Terbu <43441584+awoie@users.noreply.github.com>
Yup, I've started to rephrase my language to prevent conflation between what we mean when we say "authenticated encryption"/Authcrypt and what's more commonly used in symmetrical encryption where they're describing a specific security property that's slightly different than what we mean. In my mind identifier authentication utilizes traditional "authenticated encryption" (they normally just mean the encryption is integrity protected and tamper resistant by people without the secret key) and that we're binding the integrity to a specific identifier (e.g. the did) that can be inferred. This may not be exactly correct terminology, but just looking to stray away from conflating language when describing different security properties. Let's open a separate issue to discuss this further if you want to just so that we don't slow down this PR from being merged. |
closes #271