digital signing extending #68

Open

@asafdl asafdl commented Jul 27, 2022

crypto signing and verification is very fragile, docs around this should be very precise


@pawel-kow pawel-kow left a comment

sorry, I've added comments here but never published the review

@@ -720,7 +733,8 @@ key=_dcpubkeyv1

This example indicates that the public key can be found by doing a DNS
query for a TXT record called _dcpubkeyv1 in the domain specified in the
syncPubKeyDomain from the template.
syncPubKeyDomain from the template.
After generating and adding your key can test if its available from DNS TXT records https://exampleservice.domainconnect.org/sig[here]
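
Review bot: The added last line, "After generating and adding your key can test if its available from DNS TXT records", has no subject, uses "its" where "it is" is meant, and does not say what the linked checker actually verifies. For specification text, something like "After publishing the key, the Service Provider can check that the TXT record (for example _dcpubkeyv1) in the syncPubKeyDomain resolves and returns the expected key" would be more precise, and the link should carry descriptive text instead of "here".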

I would rather avoid such references. If necessary we may need an implementation guide, however Getting Started on domainconnect.org worked pretty well so far.

----
A service for generating the DNS records from your public key can be found https://exampleservice.domainconnect.org/sig[here]
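
Review bot: The sentence after the ---- delimiter links to https://exampleservice.domainconnect.org/sig, the same URL the earlier added line presents as a DNS test tool, so the reader cannot tell whether this endpoint generates records, checks them, or both. Since it says the records are generated "from your public key", state explicitly that only the public key is submitted, and if the TXT record layout is defined elsewhere in the spec, point to that section rather than relying on the service's output.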

Same here. I would rather avoid such references. If necessary we may need an implementation guide, however Getting Started on domainconnect.org worked pretty well so far.

@@ -709,6 +709,19 @@ EQ%3D%3D
The Service Provider generates this signature using a private key. As indicated,
this signature is generated from the query string properly URL encoded.

The Service Provider must generate the signature with RSA256 hash,
PKCS1v15 padding and Base64 encode it before adding it to query parameters.
Example service in python can be found https://github.com/Domain-Connect/exampleservice/blob/master/sigutil.py[here]
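
Review bot: "RSA256 hash" on the first added line does not name a hash function; it reads like a blend of RSA and SHA-256. If the intent is an RSA signature over a SHA-256 digest with PKCS#1 v1.5 signature padding, write it that way (RSASSA-PKCS1-v1_5 with SHA-256), because a verifier that picks a different digest will reject every signature. The same sentence says to Base64 encode the signature "before adding it to query parameters" but not that the Base64 text must then be URL encoded, which the example value ending in EQ%3D%3D implies; the exact string that is signed (which parameters, in what order and encoding) also needs a precise statement here.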

In the formal specification I would rather not refer to any example implementation or source code other than an example code snippet.

@pawel-kow

Side comment -> more remark to the signing part not being described that well: #93 (comment)
