search

cardano-foundation / CIPs

Cardano Improvement Proposals (CIPs)
https://cips.cardano.org/
Creative Commons Attribution 4.0 International
516 stars 319 forks source link

CIP-0030: Clarity in the value of `kid` in `signData`? #680

Open itsfarseen opened 10 months ago

itsfarseen commented 10 months ago

https://github.com/cardano-foundation/CIPs/blob/5d32dc471d5c0f3a214e04ba415c674796732eb1/CIP-0030/README.md#L335-L353

  • kid (4) - Optional, if present must be set to the same value as in the COSE_key specified below. It is recommended to be set to the same value as in the "address" header.

Are we supposed to set it to the same value as the address field?

Nami used to set it to the publicKey corresponding to the address. They have now removed it citing compatibility with CIP-0030.

https://github.com/input-output-hk/nami/blob/6ba65366406a21e47a5eec8eac997e2240ee9e16/src/api/extension/index.js#L881-L885

  // protectedHeaders.set_key_id(publicKey.as_bytes()); // Removed to adhere to CIP-30
  protectedHeaders.set_header(
    Loader.Message.Label.new_text('address'),
    Loader.Message.CBORValue.new_bytes(Buffer.from(address, 'hex'))
  );

The original PR (https://github.com/cardano-foundation/CIPs/pull/148) used to say:

* `kid` (4) - must be set to the Ed25519 public key bytes used to sign the `Sig_structure`

It was later updated in the same PR to say:

* `kid` (4) - Optional, if present must be set to the same value as in the `COSE_key` specified below. It is recommended to be set to the same value as in the `"address"` header.

We should clarify what is the correct approach. If it's anything counter-intuitive like duplicating the same value as in the address field, we should also provide the rationale.

gitmachtl commented 10 months ago

this is general COSE standard, the key-id - if used - should match yes. so i would go with the later one.