Doichain / dapp

Doichain dApp - a Meteor.js implementation of the "Doichain Atomic Double-Opt-In" Protocol
https://www.doichain.org
MIT License

revoke permission specification and compromised privateKeys approach #58

Open silkroadnomad opened 6 years ago

silkroadnomad commented 6 years ago

When a DOI (permission) was given, so far it stays with the ownership of Bob (email provider), which is correct and should NOT be changed.

In case Peter (the recipient) wants to revoke a permission, he should browse his permission on his responsible Doichain dApp (Bob) and revoke the permission for a sender (Alice) there.

As soon as Bob revokes, he should identically inform Alice about the revocation as he did for the confirmation. Alice now deletes (or better, flags revoked = true) her local records of Peter automatically.

Please see https://bounties.doichain.org/ for how to apply for Doichain bounties.

silkroadnomad commented 6 years ago

Update: Lately a privateKey was compromised. In this case a new privateKey and publicKey must be generated and configured. Here a procedure must be implemented so that old permissions signed with old privateKeys can still be validated with old publicKeys OR compromised permissions must be transferred to a new publicKey. Signatures must be created again for all permissions. (as it seems)
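
The two options named in the update above, sketched as an added example that is not part of the issue thread or the Doichain code base: a key history that keeps retired public keys for validating old permissions, and a re-signing pass that transfers still-valid permissions to the new key. Assumptions: Ed25519 from Node's built-in `crypto` stands in for the dApp's real signature scheme, all record fields and function names are hypothetical, and `confirmedAt` is taken from a source the key holder cannot backdate (such as a block time).

```javascript
const crypto = require('crypto'); // Ed25519 here is a stand-in, not Doichain's scheme

// Hypothetical key-history entry; compromisedAt marks when the key stopped being trusted.
function newKey(id) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { id, publicKey, privateKey, compromisedAt: null };
}

// Bytes covered by the signature (field names are assumptions).
const payload = (p) => Buffer.from(`${p.recipient}|${p.sender}|${p.confirmedAt}`);

function signPermission(key, p) {
  return { ...p, keyId: key.id, signature: crypto.sign(null, payload(p), key.privateKey) };
}

// Option 1: keep validating old permissions with the old public key, but only
// those recorded before the key was compromised.
function verifyPermission(keyring, p) {
  const key = keyring.get(p.keyId);
  if (!key) return 'unknown-key';
  if (!crypto.verify(null, payload(p), key.publicKey, p.signature)) return 'bad-signature';
  if (key.compromisedAt !== null && p.confirmedAt >= key.compromisedAt) return 'signed-after-compromise';
  return 'valid';
}

// Option 2: transfer permissions to the new key by re-signing them.
// Only records that still verify under the old key are carried over.
function resignAll(keyring, permissions, newKeyEntry) {
  return permissions
    .filter((p) => verifyPermission(keyring, p) === 'valid')
    .map(({ keyId, signature, ...rest }) => signPermission(newKeyEntry, rest));
}

// Constructed sample data: one permission dated before the compromise, one after.
function demo() {
  const oldKey = newKey('k1'), freshKey = newKey('k2');
  const keyring = new Map([[oldKey.id, oldKey], [freshKey.id, freshKey]]);
  const base = { recipient: 'peter@example.org', sender: 'alice@example.com' };
  const before = signPermission(oldKey, { ...base, confirmedAt: 1000 });
  const late = signPermission(oldKey, { ...base, confirmedAt: 3000 });
  oldKey.compromisedAt = 2000; // key reported compromised at t=2000
  const migrated = resignAll(keyring, [before, late], freshKey);
  return { before: verifyPermission(keyring, before), late: verifyPermission(keyring, late),
    migratedCount: migrated.length, migratedKey: migrated[0].keyId,
    migrated: verifyPermission(keyring, migrated[0]) };
}
```

Once every surviving permission has been re-signed, the retired public key is only needed for auditing the old records.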