js-waku icon indicating copy to clipboard operation
js-waku copied to clipboard

Published 20 hours ago verified publisher icon waku-org

Revert "feat!: export crypto primitives (#1728)"

Open fryorcraken opened this issue 1 year ago • 4 comments

This reverts commit 7eb3375f

The original PR states:

In some cases users don't want to encrypt whole payload but only some part of it to have additional features.

I would argue the opposite. If a user has a key to decrypt or encrypt, then Waku Message v1 should be used to encrypt the whole message.

By only encrypt part of the messages, we open the door for developers to encrypt metadata and leak them. Which against why we are building Waku in the first place.

Also, within days of exposing these primitives, I got a developer confused on whether they should use them.

fryorcraken avatar Dec 08 '23 10:12 fryorcraken

size-limit report 📦

Path Size Loading time (3g) Running time (snapdragon) Total time
Waku core 78.48 KB (0%) 1.6 s (0%) 217 ms (+85.58% 🔺) 1.8 s
Waku Simple Light Node 241.3 KB (0%) 4.9 s (0%) 322 ms (+52.75% 🔺) 5.2 s
ECIES encryption 73.1 KB (+0.19% 🔺) 1.5 s (+0.19% 🔺) 173 ms (+2.17% 🔺) 1.7 s
Symmetric encryption 73.11 KB (+0.22% 🔺) 1.5 s (+0.22% 🔺) 190 ms (+49.47% 🔺) 1.7 s
DNS discovery 120.91 KB (0%) 2.5 s (0%) 314 ms (+144.68% 🔺) 2.8 s
Privacy preserving protocols 126.01 KB (0%) 2.6 s (0%) 138 ms (-16.41% 🔽) 2.7 s
Light protocols 76.06 KB (0%) 1.6 s (0%) 193 ms (+45.64% 🔺) 1.8 s
History retrieval protocols 74.97 KB (0%) 1.5 s (0%) 153 ms (-6.04% 🔽) 1.7 s
Deterministic Message Hashing 5.65 KB (0%) 113 ms (0%) 106 ms (+566.3% 🔺) 219 ms

github-actions[bot] avatar Dec 08 '23 10:12 github-actions[bot]

Does this change affect the notes example PR? https://github.com/waku-org/js-waku-examples/pull/286

adklempner avatar Dec 09 '23 02:12 adklempner

Does this change affect the notes example PR? waku-org/js-waku-examples#286

I am stating that we do not need these API for the notes example: https://github.com/waku-org/js-waku-examples/pull/291

I do need to triple check.

fryorcraken avatar Dec 13 '23 01:12 fryorcraken

This and we should keep exposing those methods to prevent unnecessary packages being added by consumers in case they would try to do encryption, signing.

weboko avatar Jan 02 '24 23:01 weboko

Closing this for now, let's change it in future based on feedback from people.

weboko avatar Apr 12 '24 09:04 weboko

https://github.com/waku-org/js-waku/issues/1955

weboko avatar Apr 12 '24 09:04 weboko