Add prev CID link check to Log::verify()
#5
Conversation
Signed-off-by: Dave Grantham <dwh@linuxprogrammer.org>
|
@dhuseby I think this will work. Casual Aside: I have to keep reminding myself that this So, we don't actually need to hash the entry to check that against the CID -- that's already baked into the If these assumption are spot on, then I think what you've done here -- checking prev against current -- makes sense. A long while ago I put the |
|
@dhuseby looks like you just have to update the multikey dep from commit
to the latest
(update and commit lockfile) |
|
Actually, maybe a different approach the the deps would be better. It's a bit of a nightmare right now, especially when I want to push any changes. For example, deriving the additional I am thinking these deps should just be re-exported, that way when the upstream dep is changed, it trickles down to all the other dependencies without the pasta (both copy and spaghetti kinds). Because right now it's becoming a nightmare to make even a small change and still use the multi-tude of multi-repos. |
|
OR... make it a |
|
After further review, this is what I think would work best: Combine multi-
into a workspace with multisig and multihash. The workspace can re-export all 6 of these deps, that way any library relying on these is synced. |
|
I'm swtiching to this workspace clone https://github.com/DougAnderson444/multicrates for the meantime for ease of development (and for great justice). |
Yes, because the lock script typically verifies a signature over the serialized proposed entry. As long as the |
Maybe eventually. That would bring in a bunch of people with opinions that don't understand what we're doing. I constantly get: "just use DIDs/UCANs". 🤦🏻♂️ |
Can I just fork this to "upstream it"? I think you should add a |
|
I like the multicrates and want to add one here. |
I had to clone them all in order to re-write the deps in the
Good idea, I pulled this in |
Understandable. Adoption takes time. You know, it should be pretty easy to make a As for Pecan, get it? Not that you need more ideas or pokers in the fire, I'm just saying it could be done. |
I'm the original author of
With 1, you're centralizing. Just use URLs. Option 2 is not scalable. Option 3 is just re-inventing URLs. Also, there is no requirement for DIDs to contain content addresses nor is there a requirement for them to be verifiable (i.e. they contain some authenticity verification data in the DID).
Maaaaybe. The plog structure does a much better job of fine-grained IAM with revocation. The delegation structure and programmable nature makes it a full replacement for enterprise-grade IAM. UCANs make sense if all you have is DIDs. And as such, they suffer the problems that plague DIDs. The primary goal is NOT solving how to create an identifier and attach capabilities to them; that has been solved MANY times over and keeps getting re-invented without any meaningful improvement. The primary goal is understanding and implementing three-state links (e.g. valid, invalid, partially-valid/healable) that make a network self healing in a unilateral and secure way. Individual actors must be able to repair the links unilaterally and in a verifiable and secure way. The web possesses this property when we use URLs+x.509+smart URL routers/search pages. The self-healing mechanism on the web is colloquial, not standard procedure, but it is unilateral and secure. It turns out that there's just enough unilateral self-healing going on to make the web, THE web. The VLAD+plog design is specifically meant to create a unilateral and secure mechanism for creating self-healing content addressed, and pubkey verified, p2p networks. It is NOT about yet another identifier (because URLs weren't invented here or something). It is an intentional design to provide the pre-conditions necessary to create THE public key infrastructure network. |
|
I'll re-base this onto the mono-repo soon. It's in my todo list. |
Fixes #4. Good catch @DougAnderson444.
Signed-off-by: Dave Grantham dwh@linuxprogrammer.org