Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve Sign1Message.Sign1() docs #85

Merged
merged 1 commit into from
Jul 11, 2022
Merged

Improve Sign1Message.Sign1() docs #85

merged 1 commit into from
Jul 11, 2022

Conversation

qmuntal
Copy link
Contributor

@qmuntal qmuntal commented Jul 4, 2022
edited by thomas-fossati
Loading

Fix #68

Signed-off-by: qmuntal qmuntaldiaz@microsoft.com

@qmuntal
improve Sign1Message.Sign1() docs
1dcfe60 
Signed-off-by: qmuntal <qmuntaldiaz@microsoft.com>
thomas-fossati
thomas-fossati approved these changes Jul 4, 2022
View reviewed changes
Copy link
Contributor

@thomas-fossati thomas-fossati left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! I left a non-blocking comment that you may (or may not) decide to address.

sign1.go
// The signature is stored in m.Signature.
//
// Note that m.Signature is only valid as long as m.Headers.Protected and
// m.Payload remain unchanged after calling this method.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

another condition that may be worth to flag is when external has changed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

external is not kept in any Sign1Message field but encoded as part of the signature, so modifying external after calling Sign1 should be a problem.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, I'm not sure here we want to highlight all possible ways the computed signature can be invalidated, or only those conditions that depend on the state of the message that we store. That's why I left it to your judgement :-)

shizhMSFT
shizhMSFT approved these changes Jul 6, 2022
View reviewed changes
Copy link
Contributor

@shizhMSFT shizhMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

SteveLasker
SteveLasker approved these changes Jul 11, 2022
View reviewed changes
Copy link
Contributor

@SteveLasker SteveLasker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@SteveLasker SteveLasker merged commit e8f34ae into veraison:main Jul 11, 2022
@qmuntal qmuntal deleted the docs branch July 11, 2022 15:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thomas-fossati thomas-fossati thomas-fossati approved these changes

@shizhMSFT shizhMSFT shizhMSFT approved these changes

@SteveLasker SteveLasker SteveLasker approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Consider Interface simplicity and safer usage of Sign1
4 participants
@qmuntal @SteveLasker @thomas-fossati @shizhMSFT