This repository was archived by the owner on Jan 2, 2026. It is now read-only.
-[6.6.1 Signing keys and ID-Certs](#661-signing-keys-and-id-certs)
52
52
-[6.6.2 Home server operation and design](#662-home-server-operation-and-design)
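Review bot: this change renames the section 6.5 heading from "Cryptographic recommendations" to "Cryptographic specifications" (visible in the last hunk), but the table-of-contents region shown here only covers the 6.6.1 and 6.6.2 entries; confirm that the 6.5 entry and its anchor (`#65-cryptographic-recommendations`) are updated to match the new heading text, otherwise the link will point at a heading that no longer exists.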
@@ -300,12 +300,12 @@ can only have one active session token at a time.
300
300
301
301
Regardless of the authentication method used, the foreign server must verify the actor's identity
302
302
before allowing them to perform any actions. This verification must be done by proving the cryptographic
303
-
connection between an actors' home server's public identity key and the actor's ID-Cert. Challenge
304
-
strings, as described in [Section 4.2](#42-challenge-strings) and in [polyproto-auth](./auth.md)
305
-
are used for this purpose within this specification.
303
+
connection between an actors' home server's public identity key and the actor's ID-Cert through
304
+
ID-Cert signature verification.
306
305
307
-
Servers must also check with the actor's home server to ensure that the ID-Cert has not been revoked.
308
-
APIs for this purpose are defined in the [API documentation](/APIs).
306
+
Before a foreign actor is allowed to send messages on the server, the server must also check with
307
+
the actor's home server to ensure that the ID-Cert has not been revoked. See [section 6.4.1](#641-verifying-that-a-newly-retrieved-id-cert-is-not-out-of-date)
308
+
for information on how this is done.
309
309
310
310
#### 4.1.2 Sensitive actions
311
311
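Review bot: the replacement sentence "connection between an actors' home server's public identity key and the actor's ID-Cert through ID-Cert signature verification." drops the proof-of-possession step without replacing it. Verifying the home server's signature on the ID-Cert only shows that the certificate was issued by that home server; it does not show that the party presenting it controls the corresponding private key, which is what the removed challenge-string reference ([Section 4.2](#42-challenge-strings) and [polyproto-auth](./auth.md)) provided. Either keep a pointer to where proof of key possession is now specified, or state explicitly that "ID-Cert signature verification" also covers a signature produced by the actor's own key. Minor: "an actors' home server's" should read "an actor's home server's".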
@@ -1038,8 +1038,8 @@ This kind of attack mentioned above has been considered and mitigated in polypro
1038
1038
is achieved through API behaviors enabling the fetching of actor ID-Certs with additional information
1039
1039
attached to the response body. The additional information is structured as follows:
1040
1040
1041
-
| Field name | JSON type | Actual type (if different from JSON type) | Description |
|`cacheValidNotBefore`| String | Unsigned 64-bit integer | UNIX timestamp that specifies the time from which this cache entry may be treated as valid. |
1044
1044
|`cacheValidNotAfter`| String | Unsigned 64-bit integer | UNIX timestamp that specifies a time until which this cache entry may be treated as valid. |
1045
1045
|`cacheSignature`| String | - | Signature generated by the home server. This signature can be verified using the home servers' public identity key. |
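Review bot: no header separator row (`|---|---|---|---|`) is visible between the `Field name` header and the `cacheValidNotBefore` row in this hunk, so the table will not render as a table in Markdown; confirm the separator is present on the `+` side. The `cacheSignature` description ("Signature generated by the home server.") does not say which bytes are signed: for the signature to protect the `cacheValidNotBefore` / `cacheValidNotAfter` window as well as the ID-Cert, the description should name the exact fields and their canonical encoding, since implementers cannot otherwise reproduce the signed input consistently.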
@@ -1074,14 +1074,41 @@ identity key allows an actor to validate that a cached ID-Cert is both genuine a
1074
1074
This technique remedies the possibility of caching introducing an additional attack vector, allowing
1075
1075
caching to be used without conflicting with the [trust model](#2-trust-model) of polyproto.
1076
1076
1077
-
### 6.5 Cryptographic recommendations
1078
-
1079
-
For two implementations of polyproto to be interoperable, they must support an overlapping set of
1080
-
digital signature algorithms.
1081
-
1082
-
If technically practical, all implementations of polyproto must support the use of the Ed25519 digital
1083
-
signature algorithm for signing messages and generating ID-Certs. The use of the RSA algorithm for
1084
-
digital signatures [is heavily discouraged](https://blog.trailofbits.com/2019/07/08/fuck-rsa/).
1077
+
!!! info "Scenarios requiring cache and validity verification"
1078
+
1079
+
**Only** the following scenarios **must require** a server to retrieve, validate and supply invalidation
1080
+
and cache information about a foreign actor's ID-Cert:
1081
+
1082
+
- **Sending messages:** Before a foreign actor is allowed to send any messages on the server. This
1083
+
automatically applies again if the ID-Cert is changed through any means.
1084
+
- **ID-Cert request:** When the server receives a request for a foreign actor's ID-Cert, the server
1085
+
must fetch and validate invalidation and cache information about the foreign actor's ID-Cert before
1086
+
completing the request.
1087
+
1088
+
!!! info "Scenarios **not** requiring cache and validity verification"
1089
+
1090
+
The following scenarios **must explicitly not require** a server to retrieve, verify or supply invalidation
1091
+
and cache information about a foreign actor's ID-Cert:
1092
+
1093
+
- **Requesting a challenge string:** When a foreign actor requests a challenge string from the server.
1094
+
- **Requesting a key trial:** When a foreign actor requests a key trial from the server.
1095
+
- **Completing a key trial:** When a foreign actor completes a key trial from the server.
1096
+
- **Re-signing messages request:** When a foreign actor requests to re-sign messages on the server.
1097
+
- **Re-signing messages abortion request:** When a foreign actor requests to abort the re-signing
1098
+
of messages on the server.
1099
+
- **Re-signing messages commitment:** When a foreign actor commits re-signed messages to the server.
1100
+
- **Re-signing messages commitment:** When a foreign actor fetches messages to-be re-signed from
1101
+
the server.
1102
+
- **Requesting a redirect:** When a foreign ("new") actor asks the server of the "old" server to
1103
+
set up a redirect to the "new" actor.
1104
+
- **Key trial information request:** When an actor requests information about completed key trials
1105
+
from the foreign actor.
1106
+
1107
+
### 6.5 Cryptographic specifications
1108
+
1109
+
All implementations of polyproto **must** use the Ed25519 digital signature algorithm for signing
1110
+
messages and generating ID-Certs. The usage of alternative cryptographic algorithms is allowed.
1111
+
However, certificates and messages must be made available with Ed25519 signatures per default.
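Review bot: the list under "Scenarios **not** requiring cache and validity verification" uses the label **Re-signing messages commitment:** twice, once for committing re-signed messages and once for fetching messages to be re-signed; the second entry needs its own label, e.g. **Re-signing messages fetch:**. In the **Requesting a redirect:** entry, "asks the server of the "old" server" should read "asks the server of the "old" actor". In the new section 6.5 text, "The usage of alternative cryptographic algorithms is allowed. However, certificates and messages must be made available with Ed25519 signatures per default." is ambiguous about whether an Ed25519 signature must always accompany a signature made with another algorithm or is only required when no other algorithm was agreed on; stating this explicitly, and keeping the removed sentence on the overlapping set of signature algorithms two implementations need for interoperability, would avoid divergent implementations.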