-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
immutableMetadata capability #343
Comments
How do we handle LC v1.0.0 which does not have |
This proposal is backwards compatible with LC 1.0.0. The issue with signature in the old version is that client signining or verifying it must ensure the addresses in metadata payload are checksummed, but it's no problem if they're already in the serialized version. The LC does serialize it as such, but "re-ensuring" it won't break the signature, hence this proposal should work as is with all versions. |
This is a proposal to implement 1st bullet point of raiden-network/light-client#2730 (raiden-network/raiden#7113) in a way which keeps clients compatible with pyRaiden 2.0 (aka Bespin) release.
This implements 2 main changes:
LockedTransfer.metadata.routes[*].route: Address[]
array, and instead should be able to search themselves on this array and validate that the address after is the outgoing partner/next hop.route
array from all previous address up to them, and would not fail the mediation if this was not strictly the caseadditionalHash
to be calculated as the exact metadata object received, JCS-serialized.metadata
differently from what was serialized: the hash was over the checksummed addresses, but the serialized message was sent with the lowercased addresses. Also, additional/unknown properties inmetadata
were not preserved.Spec
immutableMetadata
1
, otherwise, assume the fallback value of0
(previous, 2.0 behavior). New clients:LockedTransfer
message from animmutableMetadata=0
partner (legacy), we should transform addresses inmetadata
before calculating theadditionalHash
used to verify its signature. Otherwise,additionalHash
should be calculated as the keccak256 hash of the canonical JSON serialization of the unvalidated/undecodedmetadata
.LockedTransfer
to animmutableMetadata=0
partner, theadditionalHash
must be calculated with checksummed addresses (we may decide to serialize it either as checksummed or lowercased, the change is required only for the signed/verifiedhash
, although if also serializing theLockedTransfer.metadata
payload addresses as checksummed, we'd have the serialization compatible with both old and new approach). Otherwise, as stated above, the hash must be of exactly was sent.route
array of every address up to and including us, such that partner will be the first/next address inroute
. In the new behavior,route
is always left unchanged.Conclusion
With the above spec, we can implement immutable metadata passthrough in a backwards compatible way, allowing us to implement new feature which depend on it, for example, secret encrypted in metadata. Of course, those features will need all hops on a path to be on the new behavior, but if not, at least they won't get out of sync and will simply fall back to the old behavior.
The text was updated successfully, but these errors were encountered: