Big pull request for v0.11

sdmp / sdmp.github.io

The main front-page and docs for the sdmp project.

https://sdmp.io

2 stars 2 forks source link

Big pull request for v0.11 #22

Closed saibotsivad closed 8 years ago

saibotsivad commented 8 years ago

I'm making this pull request here to start getting everything organized for the big 0.11 release.

saibotsivad commented 8 years ago

The "line number" was changed to "line identifier" throughout the specs. Fixes #19.

saibotsivad commented 8 years ago

[x] Basic final structure should be something like this:
core
- crypto
- container
- create identity
- sub keys
- encrypt/decrypt
- sign/verify
- create shared key (e.g. session keys)
journal
- entries (resources; uri for them)
- publish entry
- journal broadcast
- request journal
- request entry
- send entry
network
- connection handshake
- traffic (encrypted, request/response)
- tcp (extra implementation details)
trust
- trust levels
- create trust
- revoke trust
messages
- markdown
- user information
- node information

saibotsivad commented 8 years ago

Questions:

Is the TCP implementation needed? e.g. could you do a socket.io over ssl signed by an identity/node key, not using the CA chain?

The TCP implementation is not needed for the 0.11 release. It's been dropped for now.

In previous iterations, multiple nodes could sign the same resource. I think this is still a good idea, and I don't know why it got dropped. (If a user signs the same resource with multiple keys, this would lend it more credence. E.g. get on your laptop and it says "you published these 3 resources, check here if they are from you".)

This was filed as #24

saibotsivad commented 8 years ago

[x] The trust types should be something like:
Can read messages. (When writing to a user, encrypt message to all keys given read messages access.)
Can write messages. (When accepting messages from a user, accept only ones signed by keys given write messages access.)
Can create sub keys. (When checking sub keys and nodes from a user, only accept the new keys if signed by a key that has create keys access.)
Can revoke sub keys. (When checking key revocations, only accept revocations if signed by a key that has revoke keys access.)
Can create a trust. (Etc.)
Can revoke a trust. (Etc.)

There shouldn't be any shortcuts to trust types, e.g. full for all rights. You need to specify all of the rights explicitly.

saibotsivad commented 8 years ago

I've updated the cryptography specs and added full examples. This fixes #12

saibotsivad commented 8 years ago

Welp. I've read through things a few times, and looked at the different filed issues, and I think this is "reasonable enough" for a release.

Always lots to do, that's why it's still in beta!

jmhobbs commented 8 years ago

:+1:

saibotsivad commented 8 years ago

:laughing:

I made up a bunch of examples that use OpenSSL to generate keys and encrypt/sign things, and I started writing up some notes for a command line utility to do most of the work. The command line utility is the next thing on my list, and that'll probably point out more inconsistencies that I've missed.

Feel free to open as many issues as you want if you find anything inconsistent or wrong!