iroh icon indicating copy to clipboard operation
iroh copied to clipboard
verified publisher icon n0-computer

Revoking tickets

Open Dzordzu opened this issue 1 year ago • 1 comments

Question

Is it possible to revoke a specific ticket? The documentation is silent on this.

Example

Let's suppose I have a ticket A for a certain doc (rw permissions). Then I create a ticket B, that is based on ticket A. Is it possible to revoke ticket A? If so, is the ticket B still valid?

TLDR

  1. Ticket A (rw) for a Doc
  2. Ticket B from A
  3. Revoke A?
  4. If so, is B still valid?

Dzordzu avatar Oct 22 '24 02:10 Dzordzu

Docs tickets can currently not be revoked. Ticket B will by default contain the same secret material as Ticket A, so both will be valid

dignifiedquire avatar Oct 23 '24 11:10 dignifiedquire

Hmmm. Has anyone touched this subject before? I'm curious if there was anyone how may had investigated how to implement such a feature. If no, could I start looking around? Will it be automatically rejected?

Dzordzu avatar Nov 08 '24 10:11 Dzordzu

it's conceptually pretty much impossible for iroh-docs, as the secret key material is bound to the documents identity, so you would have to make a new document to do so. iroh-willow which is going to be a more complex version and feature heavy version of iroh-docs will allow for this, as it will implement a full capability system for managing access to data

dignifiedquire avatar Nov 08 '24 10:11 dignifiedquire