Policy signatures: validate against previous_transactions as a failure mode, with warning #41
Labels
feature
New feature or request
good first issue
Good for newcomers
help wanted
Extra attention is needed
project:cli
Comments
orthecreedence
added
feature
orthecreedence
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When validating a policy signature, we currently take the creating identity's currrent transaction list and validate the signature against it. This is mostly fine, but if the policies or admin keys have changed since the signature was created, it could invalidate the signature. Because
SignV1transactions track their position in the DAG viaprevious_transactions, it makes sense to reset that identity to the latest of the transactions in that prev list and try the validation again. If it succeeds, we warn the user "this signature was not valid against the current version of the identity, but was valid against a past version."The text was updated successfully, but these errors were encountered: