data61 / Mirza


Trails: Update how the trails service handles signatures #534

Open a-stacey opened 5 years ago

a-stacey commented 5 years ago

Currently the trails service just takes a string as the signature. This allows people to abuse it (by using values for the signature that are not a valid one-way hash, which therefore allows users to create circular trails which would not be possible with a proper signature).

What we should do is validate the hash for all trail entries when they are added. This makes sure the trail entry is then good, but also prevents trails with invalid structures that are not possible with one-way hash functions / signatures.

The proposed method of signature is to use canonical JSON (http://wiki.laptop.org/go/Canonical_JSON) and then to sign that representation with the business's key. To enable better key management we could also use the ####### app that has been created by XXX and YYY.
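
The check proposed in this issue, sketched as an added example that is not part of the original issue or the Mirza code base: each entry's signature is recomputed over the canonical JSON of its body (which includes its parent signatures) before the entry is stored. Assumptions: the field names `org`, `event_id` and `parents` and the `TrailStore` class are hypothetical, a SHA-256 digest stands in for signing with the business's key, and `canonical_json` approximates the OLPC rules (it matches them for strings without control characters).

```python
import hashlib
import json

def _reject_floats(v):
    # Canonical JSON has no floating point numbers, so refuse them anywhere in the value.
    if isinstance(v, float):
        raise ValueError("floats are not allowed in canonical JSON")
    children = v.values() if isinstance(v, dict) else v if isinstance(v, list) else ()
    for c in children:
        _reject_floats(c)

def canonical_json(value) -> bytes:
    # Sorted keys, no insignificant whitespace, UTF-8 output: one byte string per value.
    _reject_floats(value)
    return json.dumps(value, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def entry_digest(body: dict) -> str:
    # Stand-in for the signature (assumption): SHA-256 over the canonical bytes.
    return hashlib.sha256(canonical_json(body)).hexdigest()

class TrailStore:
    def __init__(self):
        self.entries = {}  # signature -> entry body

    def add(self, body: dict, signature: str) -> None:
        # The signature covers the parents list, so an entry cannot name a
        # descendant as its parent without inverting the one-way hash.
        if signature != entry_digest(body):
            raise ValueError("signature does not match canonical JSON of entry")
        missing = [p for p in body["parents"] if p not in self.entries]
        if missing:
            raise ValueError(f"unknown parent signatures: {missing}")
        self.entries[signature] = body

def demo():
    store = TrailStore()
    root = {"org": "org-a", "event_id": "e1", "parents": []}   # constructed sample
    root_sig = entry_digest(root)
    store.add(root, root_sig)
    child = {"org": "org-b", "event_id": "e2", "parents": [root_sig]}
    store.add(child, entry_digest(child))
    # Constructed abuse case: free-form strings used as signatures to form a loop.
    loop = [("sig-a", {"org": "org-x", "event_id": "e3", "parents": ["sig-b"]}),
            ("sig-b", {"org": "org-x", "event_id": "e4", "parents": ["sig-a"]})]
    rejected = []
    for sig, body in loop:
        try:
            store.add(body, sig)
        except ValueError:
            rejected.append(sig)
    return len(store.entries), rejected
```
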