aries-rfcs icon indicating copy to clipboard operation
aries-rfcs copied to clipboard

Published 20 hours ago verified publisher icon decentralized-identity

Remove Signatures from Example Requests

Open TelegramSam opened this issue 3 years ago • 4 comments
trafficstars

Signed-off-by: Sam Curren [email protected] These were never appropriate, but added by mistake to the request. Sigs still required in Responses. Related to #717

TelegramSam avatar Mar 17 '22 00:03 TelegramSam

Awesome thanks. Maybe we can add a few words on why the signature is still required for the response? I think it would also be valuable to mention with which key(s) you need to sign the attachment? It seems this is only needed if the keys used for the invitation are different than the keys used in the response right?

TimoGlastra avatar Mar 17 '22 09:03 TimoGlastra

@TimoGlastra this will be discussed in the Aries WG call this week.

TelegramSam avatar Mar 22 '22 18:03 TelegramSam

Discussed WG 20220323. Kill this PR. Submit a new PR that clarifies the keys used in request and response signatures. (Request is key in did doc, response is key in invitation). Further clarify that this only works for ED25519 Keys. Note that the request signature was included by mistake, but left for compatibility in current implementations.

TelegramSam avatar Mar 23 '22 15:03 TelegramSam

Hey @TelegramSam, what did we land on in the end with signing the response message if a public did or peer did method 2 did is used? Should we just sign the resolved did document and attach that?

TimoGlastra avatar May 05 '22 09:05 TimoGlastra