keripy icon indicating copy to clipboard operation
keripy copied to clipboard
Published 2 months ago verified publisher icon WebOfTrust

Kevery.processQuery does not verify signatures of source of query event

Open SmithSamuelM opened this issue 7 months ago • 1 comments

Feature request description/rationale

The Kevery.processQuery method is passed cigars an sigers but does not verify them. Neither does the processQueryNotFoundEscow method.

SmithSamuelM avatar May 16 '25 02:05 SmithSamuelM

We should add signature verification and then clients wishing to make "anonymous requests" can create an ephemeral AID for each individual query. Implementations can then blacklist ephemeral AIDs if they don't want to be query promiscuous.

Ephemeral AIDs will still work with KRAM so you'll still be protected from replay attacks.

pfeairheller avatar May 20 '25 14:05 pfeairheller