search

divviup / janus

Experimental implementation of the Distributed Aggregation Protocol (DAP) specification.
Mozilla Public License 2.0
51 stars 14 forks source link

HPKE config list signing #2864

Closed branlwyd closed 2 months ago

branlwyd commented 3 months ago

We need to support signing of the HPKE config list returned by /hpke_configs.

We should support, minimally, ECDSA P-256 w/ SHA-256. This is OK as a starting point for implementation; we don't need to support a variety of signature schemes as long as we don't paint ourselves into a corner.

The signature should go into a new header that is included in the response to an /hpke_configs request. The header name should be "x-hpke-config-signature". The header value should be an unpadded-base64url-encoding of a DER-encoding of the signature.

See also https://github.com/cloudflare/daphne/pull/520.

branlwyd commented 2 months ago

This issue is resolved by the above commit.