subconsciousnetwork
Allow custom "now" time for signature verification
We recently added support for custom "now" time when building UCAN proof chains (https://github.com/ucan-wg/rs-ucan/pull/83). However, our own signature verification does not use it as yet. This means it will fail to verify signatures that occurred in the sufficiently distant pass (because the proof chains will have expired).
We should enable custom "now" time in signature verification that passes the value through when checking UCAN proof chains. And, it may be reasonable to automatically pick the end of the expiry of a UCAN that is known to be expired, since we're almost always considering signatures as a matter of verifying a historical record (and not for the purposes of invocation).
Currently to do this, as we do not have a "signing timestamp", we use the top ucan's expiration minus 1 as the verification time, which may fail if the top expiry isn't a subset of a proof chain's expiration. As constructing the proof chain also validates (and needs a timestamp), this inverted ordering prevents us from using a timestamp derived from the proof chain. Given this case, wondering if rs-ucan can construct a proof chain, validating based off of a user-selected time range, by providing an enum type rather than a raw u64 timestamp, something like:
enum VerificationTime {
Now, // Current time, same as passing in `None` currently
Any, // validate ucan that it was valid at any point, using reduced proof chain time-bounds
Timestamp(u64) // Provided time, same as passing in `Some(u64)` currently
}
