Open vaikas opened 2 years ago
Yeah, I'm +1 on this. I'd hope to reach this point with #666 but was concerned that it would require divergence in signing and verification flows. Given the bugs we found (and you are fixing) I'm thinking that having them shared is more trouble (and confusion) than it is worth.
I think having Signature
which carries the signature annotations, and Attestation
, which is more strongly oriented around DSSE and does not (the payload is the signature).
cc @dekkagaijin @dlorenc
+1, a Verifiable (?) interface could make sense. We could add support for other signature types as well.
Description As I was ramping up on #930 and #919 I found it a bit confusing that both Signature and Attestation are treated as Signature, even though they actually behave differently. I tried to clarify in the documentation to hopefully help other newcomers (or maybe it was just me :) ) but that led me to think that given that since there are some codepaths where these are treated differently in the code if we might want to consider separating the Interface as well. Just a thought.