Skip to content

pubsub: signing policy -- #294 + editorial changes #299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Sep 30, 2020
Merged

pubsub: signing policy -- #294 + editorial changes #299

merged 13 commits into from
Sep 30, 2020

Conversation

@raulk
Copy link
Member

@raulk raulk commented Sep 25, 2020
edited
Loading

This introduces editorial changes on top of #294. We now concentrate all our additions in pubsub.md.

@protolambda, I wanted to target your branch, but it's in a fork.

cc @arnetheduck

@raulk raulk requested review from protolambda and vyzo September 25, 2020 14:53
raulk
raulk commented Sep 25, 2020
View reviewed changes
protolambda
protolambda approved these changes Sep 25, 2020
View reviewed changes
Copy link
Contributor

@protolambda protolambda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, and thanks for making the necessary changes @raulk

vyzo
vyzo reviewed Sep 27, 2020
View reviewed changes
Copy link
Contributor

@vyzo vyzo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good; some minor comments, probably worth addressing.

@raulk
Copy link
Member Author

raulk commented Sep 29, 2020

@vyzo all comments addressed. Was your review an approval, subject to the edits you suggested? Or do you want to do another full review?

@raulk raulk requested a review from vyzo September 29, 2020 14:28
arnetheduck
arnetheduck reviewed Sep 29, 2020
View reviewed changes
pubsub/README.md
authorship is preserved.

The `seqno` field (optional) is a 64-bit big-endian uint that is a linearly
increasing number that is unique among messages originating from each given
Copy link
Contributor

@arnetheduck arnetheduck Sep 29, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

afair rust-libp2p puts a random number here? is linearly increasing a "hard" requirement?

Copy link
Contributor

@vyzo vyzo Sep 29, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not really, it just has to be unique within the time cache window.

arnetheduck
arnetheduck reviewed Sep 29, 2020
View reviewed changes
pubsub/README.md
**Signature verification.** There are two configurations possible:

* `Strict`: either expect or not expect a signature.
* `Lax` (legacy, insecure, underterministic, to be deprecated): accept a signed
Copy link
Contributor

@arnetheduck arnetheduck Sep 29, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice to export some of this language to a separate section which simply says that all fields that are set must be valid for their type - seqno must be 8 bytes, if the signature is set it must be valid - these would be pre-conditions to even consider the message for propagation before the "modes" are considered - the "lax" vs "strict" distinction then becomes a requirement for a signature or not.

Copy link
Member Author

@raulk raulk Sep 30, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, that would be a welcome improvement. All protobuf types are bytes and strings, which express no constraints in and of themselves.

Copy link
Member Author

@raulk raulk Sep 30, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mind submitting a PR against master when this lands (i.e. now)?

@raulk raulk merged commit 40f2048 into master Sep 30, 2020
@raulk raulk deleted the signing-policy-review branch September 30, 2020 09:54
@wemeetagain wemeetagain mentioned this pull request Oct 11, 2020
Merged
jxs pushed a commit to jxs/specs that referenced this pull request Aug 8, 2025
@galargh
Merge pull request libp2p#299 from libp2p/master-fix
bb66c15 
fix@15368966383 [skip fix]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vyzo vyzo vyzo approved these changes

+2 more reviewers

@arnetheduck arnetheduck arnetheduck left review comments

@protolambda protolambda protolambda approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@raulk @vyzo @arnetheduck @protolambda