From 2691ac0e857f27f1f83be0bbd8a2273f075d8da4 Mon Sep 17 00:00:00 2001 From: Ognjen Maric Date: Fri, 13 Oct 2023 14:25:25 +0200 Subject: [PATCH] Limit subnet certificate delegations to depth 1 --- spec/index.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/spec/index.md b/spec/index.md index 98351b512..b9ddc82c2 100644 --- a/spec/index.md +++ b/spec/index.md @@ -379,7 +379,7 @@ This section makes forward references to other concepts in this document, in par where `signing_canister_id` is the id of the signing canister and `reconstruct` is a function that computes a root-hash for the tree. - - If the `certificate` includes subnet delegations (possibly nested), then the `signing_canister_id` must be included in each delegation's canister id range (see [Delegation](#certification-delegation)). + - If the `certificate` includes a subnet delegation, then the `signing_canister_id` must be included in the delegation's canister id range (see [Delegation](#certification-delegation)). - The `tree` must be a `well_formed` tree with 
@@ -671,11 +671,11 @@ The HTTP response to this request consists of a CBOR (see [CBOR](#cbor)) map wit - `certificate` (`blob`): A certificate (see [Certification](#certification)). - If this `certificate` includes (possibly nested) subnet delegations (see [Delegation](#certification-delegation)), then + If this `certificate` includes a subnet delegation (see [Delegation](#certification-delegation)), then - - for requests to `/api/v2/canister//read_state`, the `` must be included in each delegation's canister id range, + - for requests to `/api/v2/canister//read_state`, the `` must be included in the delegation's canister id range, - - for requests to `/api/v2/subnet//read_state`, the `` must match each delegation's subnet id. + - for requests to `/api/v2/subnet//read_state`, the `` must match the delegation's subnet id. The returned certificate reveals all values whose path has a requested path as a prefix except for @@ -1851,7 +1851,7 @@ When executing a query or composite query method via a query call (i.e. in non-r The certificate is a blob as described in [Certification](#certification) that contains the values at path `/canister//certified_data` and at path `/time` of [The system state tree](#state-tree). - If this `certificate` includes subnet delegations (possibly nested), then the id of the current canister will be included in each delegation's canister id range. + If this `certificate` includes a subnet delegation, then the id of the current canister will be included in the delegation's canister id range. This traps if `ic0.data_certificate_present()` returns `0`. @@ -2431,7 +2431,7 @@ A certificate by the root subnet does not have a delegation field. A certificate :::note -The nested certificate *typically* does not itself again contain a delegation, although there is no reason why agents should enforce that property. +The certificate included in the delegation (if present) must not itself again contain a delegation. ::: 
@@ -2441,10 +2441,10 @@ The nested certificate *typically* does not itself again contain a delegation, a certificate : Certificate; } -A chain of delegations is verified using the following algorithm: +A delegation is verified using the following algorithm: check_delegation(NoDelegation) = true - check_delegation(Delegation d) = verify_cert(d.certificate) and lookup(["subnet",d.subnet_id,"public_key"],d.certificate) = Found _ + check_delegation(Delegation d) = verify_cert(d.certificate) and lookup(["subnet",d.subnet_id,"public_key"],d.certificate) = Found _ and d.certificate.delegation = NoDelegation The delegation key (a BLS key) is computed by the following algorithm:
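Review bot: in the `@@ -2431` hunk, the admonition now states a normative requirement ("must not itself again contain a delegation") but still sits inside a `:::note` block, which readers treat as non-binding commentary; consider moving the sentence into the body text next to the definition of the `delegation` field and stating explicitly that verifiers reject a certificate whose delegation's certificate carries its own delegation, so the prose matches the new `d.certificate.delegation = NoDelegation` conjunct in `check_delegation`. The parenthetical "(if present)" is also ambiguous (it is the delegation that may be absent, not the certificate); "If a certificate carries a delegation, the certificate inside that delegation must not itself contain a delegation." reads unambiguously.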
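Review bot: in the `@@ -2441` hunk, the new conjunct `d.certificate.delegation = NoDelegation` is evaluated last, after `verify_cert(d.certificate)`; if `verify_cert` in turn calls `check_delegation` on the nested certificate's delegation (its definition is outside this diff), a certificate with a deeper chain is still recursed into and signature-checked before the depth limit rejects it. Putting the depth check first is cheaper and makes the limit visible at a glance: `check_delegation(Delegation d) = d.certificate.delegation = NoDelegation and verify_cert(d.certificate) and lookup(["subnet",d.subnet_id,"public_key"],d.certificate) = Found _`. The sentence introducing the algorithm should also say that this conjunct is what limits delegations to depth 1, since the commit subject states the intent but the spec text around the algorithm does not.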