Open martinthomson opened 1 year ago
Curious about possible attack vectors if we don't authenticate with event type. It does not seem possible to misinterpret a source event as a trigger and vice versa, so there must be something more sophisticated.
@akoshelev, I think if we don't have the is_trigger bit in the associated data, there isn't a good way to enforce that a source-fan-out query only contains source events from the site which is submitting the query, since if the source/trigger bit were encrypted, the source site submitting the query could include source events from other source sites disguised as trigger reports. See also discussion here.
The biggest change is moving to add an indicator for the type of event (source or trigger).
The rest is cleanup.
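The check discussed in the thread above, sketched as an added example that is not part of the thread or the project's code: with `is_trigger` carried as cleartext, authenticated associated data, the party receiving a source-fan-out query can reject foreign source events, and a report relabelled as a trigger no longer authenticates. The `Report` layout, the `site` field, the function names and the use of HMAC-SHA256 in place of the real report encryption's AEAD tag are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Report:
    site: str          # cleartext associated data: site that recorded the event (assumed field)
    is_trigger: bool   # cleartext associated data: event type bit named in the thread
    ciphertext: bytes  # opaque encrypted payload, never decrypted by this check
    tag: bytes         # authenticator over associated data + ciphertext

def _tag(key: bytes, site: str, is_trigger: bool, ciphertext: bytes) -> bytes:
    # Length-prefix the site so the associated-data encoding is unambiguous.
    s = site.encode()
    aad = len(s).to_bytes(2, "big") + s + bytes([is_trigger])
    # HMAC stands in for the AEAD tag of a real report format (assumption).
    return hmac.new(key, aad + ciphertext, hashlib.sha256).digest()

def seal(key, site, is_trigger, ciphertext) -> Report:
    return Report(site, is_trigger, ciphertext, _tag(key, site, is_trigger, ciphertext))

def check_source_fanout(key: bytes, submitter: str, reports) -> list:
    """Return (index, reason) for every report the query must not contain."""
    rejected = []
    for i, r in enumerate(reports):
        expected = _tag(key, r.site, r.is_trigger, r.ciphertext)
        if not hmac.compare_digest(expected, r.tag):
            rejected.append((i, "associated data does not authenticate"))
        elif not r.is_trigger and r.site != submitter:
            rejected.append((i, "source event from another site"))
    return rejected

def demo() -> list:
    key = b"constructed-demo-key"  # constructed; unknown to the submitting site
    own = seal(key, "source.example", False, b"\x01" * 16)
    trig = seal(key, "shop.example", True, b"\x02" * 16)
    foreign = seal(key, "other.example", False, b"\x03" * 16)
    disguised = replace(foreign, is_trigger=True)  # relabelled without the key
    return check_source_fanout(key, "source.example", [own, trig, foreign, disguised])

if __name__ == "__main__":
    for index, reason in demo():
        print(index, reason)
```

If the event type lived only inside `ciphertext`, the second branch of the check would have nothing to test, which is the gap the reply describes.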