Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve Sign1Message.Sign1() docs #85

Merged
merged 1 commit into from
Jul 11, 2022
Merged

Conversation

qmuntal
Copy link
Contributor

@qmuntal qmuntal commented Jul 4, 2022

Fix #68

Signed-off-by: qmuntal qmuntaldiaz@microsoft.com

Signed-off-by: qmuntal <qmuntaldiaz@microsoft.com>
Copy link
Contributor

@thomas-fossati thomas-fossati left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! I left a non-blocking comment that you may (or may not) decide to address.

// The signature is stored in m.Signature.
//
// Note that m.Signature is only valid as long as m.Headers.Protected and
// m.Payload remain unchanged after calling this method.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

another condition that may be worth to flag is when external has changed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

external is not kept in any Sign1Message field but encoded as part of the signature, so modifying external after calling Sign1 should be a problem.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, I'm not sure here we want to highlight all possible ways the computed signature can be invalidated, or only those conditions that depend on the state of the message that we store. That's why I left it to your judgement :-)

Copy link
Contributor

@shizhMSFT shizhMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Contributor

@SteveLasker SteveLasker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@SteveLasker SteveLasker merged commit e8f34ae into veraison:main Jul 11, 2022
@qmuntal qmuntal deleted the docs branch July 11, 2022 15:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Consider Interface simplicity and safer usage of Sign1
4 participants