Decision: use short form of btcr did if output index is 0 #5
Comments
|
Sounds good.. So for example if I try to resolve |
Signed-off-by: Markus Sabadello <[email protected]>
|
I just wrote somewhere else, I think maybe in dcdpr's repo, that programs
should probably accept the long form as input, like your resolver, but
anything that generates the TXrefs should only generate the short form.
…On Wed, Aug 7, 2019, 11:12 AM Markus Sabadello ***@***.***> wrote:
Sounds good.. So for example if I try to resolve
did:btcr:8kyt-fzzq-qqqq-ase0-d8, then the resolver should throw an error,
whereas did:btcr:xkyt-fzzq-q4wq-f2d would work, right?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#5?email_source=notifications&email_token=AAJ46WQYFPSLVVAOXCZPKYTQDMF7DA5CNFSM4IJ2MPIKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD3ZIKHY#issuecomment-519210271>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAJ46WQ25AUSYPOSLTMQUXDQDMF7DANCNFSM4IJ2MPIA>
.
|
My sense is that @kimdhamilton is right that it's a potential security risk to allow 2 formats. I can also imagine semantic problems if you have 2 (different, but linked) identifiers for the same resource. A generic txref library could continue to accept both, but on the DID resolver layer I think it's better to only allow one form. |
|
+1 that only 1 should be accepted at the DID resolver layer. When we discussed yesterday, we mentioned 2 reasons:
I thought we agreed on this yesterday, but let me know if you want to discuss further @danpape |
|
No - that is fine. I was trying to invoke Postel's law when saying we
should accept both, but perhaps I was unclear about what everyone else
decided yesterday. I am fine with the did/btcr layer being strict about it.
…On Wed, Aug 7, 2019 at 1:04 PM Kim (Hamilton) Duffy < ***@***.***> wrote:
+1 that only 1 should be accepted at the DID resolver layer. When we
discussed yesterday, we mentioned 2 reasons:
1. clarity for resolution implementers
2. potential security issue
I *thought* we agreed on this yesterday, but let me know if you want to
discuss further @danpape <https://github.com/danpape>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#5?email_source=notifications&email_token=AAJ46WSJTC2TLXRCME6ULZDQDMTGNA5CNFSM4IJ2MPIKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD3ZRXGI#issuecomment-519248793>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAJ46WXMP4NFVQLJXCMG4N3QDMTGNANCNFSM4IJ2MPIA>
.
|
|
A test for this should be: For testnet transaction: f8cdaff3ebd9e862ed5885f8975489090595abe1470397f79780ead1c7528107 INVALID (as output index is 0): did:btcr:8yv2-xzpq-qqqq-9yce-nk SHOULD BE: did:btcr:xyv2-xzpq-q9wa-p7t -- Christopher Allen |
This affects code samples, libraries and method spec
When txout is 0, the short form of the btcr did (with testnet, this yields the
xprefix) should be used.BIP136 supports both forms for index 0, but we are making the decision that BTCR supports only the short form when index==0.
Reason: shorter, and it's a potential security risk to allow 2 formats
The text was updated successfully, but these errors were encountered: