matheus23
commented
1 year ago I assume the whole invocation is invalid if any proof it relies on can't be fetched or if anything in the graph is malformed
That's a really good question. I think implementations don't handle this consistently. In general, if there's some "path" through the DAG of UCAN delegations with valid attenuations, signatures, valid issuers and audiences, etc. then the invocation should be valid.
This is so that UCAN invocation checking can short-circuit once it found one way to "realize" the final capability needed.
If the whole UCAN DAG had to be valid, then you would have to fetch the whole DAG to check its correctness to be sure you didn't miss any incorrect formatting that would make the whole invocation fail.
I also agree that this should perhaps be added to the spec.
bumblefudge
expede
One thing that I couldn't quite figure out on slow readthrough was what happens if CIDs aren't resolved/fetchable? what happens if the CID value in
prfresolves to something other than the proof? I assume the whole invocation is invalid if any proof it relies on can't be fetched or if anything in the graph is malformed, but maybe making more explicit if an invocation that has an invalid link in its chain is different from an invocation with a malformed link in its chain and from an invocation with an expired link in its chain CAN be or MUST be treated differently, and if conforming implementations need to give different error messages in those three cases, etc?