Amaury Chamayou
Amaury Chamayou
It would be great to have a 1.0 release!
@dsprenkels if there's anything I could do to help, I'd be happy to :)
@dsprenkels I am interested. I have to say I'm only a user at this point and I haven't looked at the implementation very closely yet. Can I take a look...
@dsprenkels thank you!
There are two main top-level possibilities to decouple signing from transport: 1. Include the signature in the message body itself, using a format like [COSE Sign1](https://pycose.readthedocs.io/en/latest/cose/messages/sign1message.html) 2. Include the signature...
In the case of governance, the signed payload is used repeatedly across transactions, as the proposal or the vote is being evaluated. For that reason, it is extracted and stored...
Proposed format for proposals and ballots: ``` label = int / tstr values = any empty_map = bstr .size 0 Generic_Headers = ( ? 1 => int / tstr, ;...
Python experiments: https://github.com/achamayou/CCF/blob/cose_signing_authn/tests/signing.py#L188 A source of awkwardness compared to HTTP request signing is the need to redundantly indicate what the verb/url already encode, for example in the case of a...
List of endpoints that only accept signed requests by members: - `POST /ack`: JSON input, no response payload [link](https://microsoft.github.io/CCF/main/governance/member_rpc_api.html#post--gov-ack) - `POST /proposals`: JSON input, JSON response payload [link](https://microsoft.github.io/CCF/main/governance/member_rpc_api.html#post--gov-proposals) - `POST...