jorabin
commented
6 months ago Agree that the ContactMessage should contain public signature key of responder for the reason @zanctor gives.
Open zanctor opened 6 months ago
jorabin
commented
6 months ago Agree that the ContactMessage should contain public signature key of responder for the reason @zanctor gives.
A public signature key is required for the message signature verification. However, during the pairing sequence, an initiator does not know a responder's signature key to be able to verify a pairing response right away. It needs to decrypt the message and take this key from it. This might be an inconvenience in some programming languages and/or PGP implementations, where the message handling is done using streams (e.g. Java) or another similar concept since there might be a need to decrypt the message twice (to get the signature key first, and then decrypt-and-verify again with that key).
Thus I suggest adding a responder's signature key to the
ContactMessageprotobuf, so any implementation will be able to decrypt and verify the pair response message at once. Also, thepublicSignatureKeyfield can be removed from thePairResponseMessageprotobuf in this case.