Use whole unsigned VC as VC proof signature payload

[kziemianek]

• Changes the input for VC proof signature calculation from enclave's mrenclave to VC json.
• Removes all logic/calls from VCManagement related to VCRegistry.

After this change newly issued VC content can be verified just by verifying proof's signature, there would be no need to reach out to onchain's VCRegistry.

[linear]

P-350 Use embedded proof for VC validation

[Kailai-Wang]

Nice and clean, not much to complain, thanks!

About the registry - this PR removes it completely. I'm thinking in the future, we might want to add "publish vc" feature where the user can link the selected VCs to their DID to make them public, so that anyone can see them by tracking down the DID. For that we'll need (again) a registry 🤔

[Kailai-Wang]

I think checking scheduledEnclave should be more accurate - enclave registration needs to comply with it too. Right now I can't think of any case where scheduledEnclave and enclaveRegistry don't match though

Btw even if we want to check enclaveRegistry we should enclaveCount from the parachainBlockHash height

[kziemianek]

But Teerex's ScheduledEnclave is empty so there is no value to compare against :(

[Kailai-Wang]

Ah in dev it's not populated, but in production it shouldn't be empty

[Kailai-Wang]

Maybe we should add the scheduled enclave even in dev - like here: https://github.com/litentry/litentry-parachain/pull/2382/files#diff-f941434353cbdda40f528800d59a89b42e5e51396b03c092bf41ef8e294d8fd5

[kziemianek]

Maybe we can always populate it with worker's mrenclave for first validateer in dev see: #2382 (comment)

[kziemianek]

@Kailai-Wang, @felixfaisal what do you think?

[jonalvarezz]

fyi: the vc-sdk uses scheduledEnclave's value

[BillyWooo]

@Kailai-Wang @kziemianek I think we can always populate it for first validateer.

[kziemianek]

Nice and clean, not much to complain, thanks!

About the registry - this PR removes it completely. I'm thinking in the future, we might want to add "publish vc" feature where the user can link the selected VCs to their DID to make them public, so that anyone can see them by tracking down the DID. For that we'll need (again) a registry 🤔

VCRegistry remains untouched - previously generated VCs can still be validated using it. It just can't be altered anymore because logic/calls are gone. I'm still waiting for decision on what we are going to do with old VCs.

[jonalvarezz]

lgtm

[jonalvarezz]

parachainBlockNumber is the block used to calculate the VC, and it won't match the VC's Issuance block. Is it likely that the registered enclave changes between those two instances? better said, should we account for such a case?

[kziemianek]

I think the time of VC's issuance is not important here - it doesn't matter what happens next after VC was generated as long as the VC was generated by legit enclave, but I would love to hear other opinions too.

[Kailai-Wang]

Nice and clean, not much to complain, thanks!
About the registry - this PR removes it completely. I'm thinking in the future, we might want to add "publish vc" feature where the user can link the selected VCs to their DID to make them public, so that anyone can see them by tracking down the DID. For that we'll need (again) a registry 🤔

VCRegistry remains untouched - previously generated VCs can still be validated using it. It just can't be altered anymore because logic/calls are gone. I'm still waiting for decision on what we are going to do with old VCs.

Yea I'm not talking about old VCs, but rather in the future - but OK we can always add it back whenever needed.

[kziemianek]

I will delete VCRegistry storage from VCManagement pallet.

[kziemianek]

Requested review again as there are new changes.

[jonalvarezz]

set it on fire 🔥

[kziemianek]

I'll update weights and merge it.