Got error after accepting connectionless credential offer from trinsic

[standlove]

Hi,

After accepting the connectionless credential offer from trinsic, we are getting this error:

 "error": {
    "name": "AriesFrameworkError",

    "message": "Cannot verify service without senderKey on incoming message (received AnonCrypt or unpacked message)",

We are using v0.1.0, is it a bug in ariesframework?

Thanks.

[TimoGlastra]

Do you have more logs? After which received message did you get this error? It seems like trinsic is sending the message using AnonCrypt, and we're expecting the message to be AuthCrypt packed. We may need to tweak the check to be a bit less strict (although it seems weird to me trinsic uses AnonCrypt).

[standlove]

Hi, @TimoGlastra

The messages are attached below. messages.txt

Thanks.

[TimoGlastra]

Thanks for posting the logs. It seems like AF.NET indeed uses AnonCrypt to pack the message which means we can't verify then sender (https://github.com/hyperledger/aries-framework-dotnet/blob/main/src/Hyperledger.Aries/Agents/AgentBase.cs#L167)

TBH I'm not sure what to do here. If using AnonCrypt someone else could send the message and we wouldn't know. That's why we do the check if the recipientKeys used in the ~service decorator of the credential offer message is the same as the senderKey of the credential issue message. But maybe we shouldn't do this verification and this is just one of the downsides of using connectionless over full connections...

@swcurran do you know if using AnonCrypt for connectionless is to be expected?

[swcurran]

I'm not sure about this. Tagging @tmarkovski and @andrewwhitehead to see if they can provide any insight. Tomislav/Andrew -- feel free to ask any questions needed to understand the scenario.

[TimoGlastra]

Trinsic has been deprecated