Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Require digest verification for related resources. #1567

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Require digest verification for related resources. #1567

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 6 additions & 5 deletions index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3191,12 +3191,13 @@ <h2>Integrity of Related Resources</h2>
</p>

<p>
Specification authors that write algorithms that fetch a resource based on the
`id` of an object inside a [=conforming document=] need to consider whether
that resource's content is vital to the validity of that document. If it is, the
specification MUST produce a validation error unless the resource matches the
expected media type and cryptographic digest.
A [=conforming verifier implementation=] that makes use of a resource based on
the `id` of an object inside a [=conforming document=] with a corresponding
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If necessary for clarity, here's an alternative suggestion to what Ivan suggests below:

Suggested change
the `id` of an object inside a [=conforming document=] with a corresponding
the `id` of a `relatedResource` object inside a [=conforming document=] with a corresponding

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, that works and is mathematically more precise.

👍

cryptographic digest MUST check the digest against the retrieved resource. If
Comment on lines +3195 to +3196
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just being picky...

Suggested change
the `id` of an object inside a [=conforming document=] with a corresponding
cryptographic digest MUST check the digest against the retrieved resource. If
the `id` of an object inside a [=conforming document=] with a corresponding
cryptographic digest appearing in a `relatedResource` object value MUST check the digest against the retrieved resource. If

It is pickiness. I will a accept either way.

Copy link
Contributor

@dlongley dlongley Oct 1, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@iherman,

Hmm, this is in the related resource section. The id is in the relatedResource object, that's the object that is being referred to here, i.e., relatedResource.id, so I don't think your suggestion is correct and / or it is redundant in a strange way. IMO, if we need to, we can say "the id of a relatedResource object" instead of "the id of an object".

Note the sentence right before the above paragraph says:

Any objects for which selective disclosure or unlinkable disclosure is desired SHOULD NOT be included as an object in the relatedResource array.

This "an object" ^ is the same one referred to in the paragraph above.

the digest of the retrieved resource does not match the one provided by the
[=issuer=], the [=conforming verifier implementation=] MUST produce an error.
Comment on lines +3194 to +3198
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this end something like "MUST produce an error that SHOULD indicate type _____"?

Suggested change
A [=conforming verifier implementation=] that makes use of a resource based on
the `id` of an object inside a [=conforming document=] with a corresponding
cryptographic digest MUST check the digest against the retrieved resource. If
the digest of the retrieved resource does not match the one provided by the
[=issuer=], the [=conforming verifier implementation=] MUST produce an error.
A [=conforming verifier implementation=] that makes use of a resource based on
the `id` of an object inside a [=conforming document=] with a corresponding
cryptographic digest MUST compute the digest of the retrieved resource. If the
digest provided by the [=issuer=] does not match the digest computed for the
retrieved resource, the [=conforming verifier implementation=] MUST produce
an error.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Revised based on conversation between @dlongley and @iherman above. Still wondering whether this should end with something like "MUST produce an error that SHOULD indicate type _____"?

Suggested change
A [=conforming verifier implementation=] that makes use of a resource based on
the `id` of an object inside a [=conforming document=] with a corresponding
cryptographic digest MUST check the digest against the retrieved resource. If
the digest of the retrieved resource does not match the one provided by the
[=issuer=], the [=conforming verifier implementation=] MUST produce an error.
A [=conforming verifier implementation=] that makes use of a resource based on
the `id` of a `relatedResource` object inside a [=conforming document=] with a
corresponding cryptographic digest appearing in a `relatedResource` object value
MUST compute the digest of the retrieved resource. If the digest provided by the
[=issuer=] does not match the digest computed for the retrieved resource, the
[=conforming verifier implementation=] MUST produce an error.

</p>

<p>
Implementers are urged to consult appropriate sources, such as the
<a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">
Expand Down