Problem
Today, it's impossible to know which builder (platform, project, etc.) creates an encrypted Request. For cleartext requests, we ask our builders to include a builderId in their contentData. But in encrypted requests, content data is part of the encrypted payload and thus cannot be read without sharing the request via addStakeholder.
Solution
Add an optional, cleartext builderId property outside the encrypted payload of a request.
Considerations
How to prevent griefers from creating fake encrypted requests and attributing them to the wrong builder id? Maybe require a platform signature?
Ask platforms to give end-users the option to omit the builderId for their requests, for privacy - so it doesn't reveal which invoicing software they use.
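One way the platform-signature idea under Considerations could work, as an added example that is not part of the original issue or the project's code: the platform signs the builderId together with a hash of the encrypted payload, and an indexer checks it against a registry of platform keys. The encryptedData and builderSignature fields, the registry, the domain tag and the choice of Ed25519 are assumptions.

```javascript
// Added example: every name except builderId is hypothetical.
const crypto = require("node:crypto");

const DOMAIN = "request-builder-attribution-v1"; // hypothetical domain-separation tag

// Bytes the platform signs: tag, builderId and a hash of the encrypted payload,
// so a signature cannot be lifted onto a different request.
function attributionMessage(builderId, encryptedData) {
  const payloadHash = crypto.createHash("sha256").update(encryptedData).digest("hex");
  return Buffer.from(JSON.stringify([DOMAIN, builderId, payloadHash]));
}

// Platform side: attach the cleartext builderId and a signature over it.
function attachBuilderId(request, builderId, platformPrivateKey) {
  const msg = attributionMessage(builderId, request.encryptedData);
  const builderSignature = crypto.sign(null, msg, platformPrivateKey).toString("base64");
  return { ...request, builderId, builderSignature };
}

// Indexer side: returns "unattributed", "verified" or "rejected".
function checkBuilderId(request, registry) {
  if (request.builderId === undefined) return "unattributed"; // user opted out for privacy
  const publicKey = registry.get(request.builderId);
  if (!publicKey || typeof request.builderSignature !== "string") return "rejected";
  const msg = attributionMessage(request.builderId, request.encryptedData);
  const sig = Buffer.from(request.builderSignature, "base64");
  return crypto.verify(null, msg, publicKey, sig) ? "verified" : "rejected";
}

// Constructed sample data: one registered platform and one unregistered key.
const acme = crypto.generateKeyPairSync("ed25519");
const griefer = crypto.generateKeyPairSync("ed25519");
const registry = new Map([["acme-invoicing", acme.publicKey]]);
const encrypted = { encryptedData: "Y29uc3RydWN0ZWQtY2lwaGVydGV4dA==" };

const genuine = attachBuilderId(encrypted, "acme-invoicing", acme.privateKey);
// A request claiming the same builderId but signed with another key.
const spoofed = attachBuilderId(encrypted, "acme-invoicing", griefer.privateKey);
// A valid signature copied onto a different encrypted payload.
const replayed = { ...genuine, encryptedData: "b3RoZXItY2lwaGVydGV4dA==" };
```

Requests without a builderId stay valid and are simply counted as unattributed, which keeps the privacy opt-out from the last consideration.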