Giters

google / exposure-notifications-verification-server

Verification component for COVID-19 Exposure Notifications.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Signed SMS payloads

mikehelmick opened this issue · comments

commented

TL;DR

Implement signed SMS payloads.

Design

Proposal

  • Per-realm SMS signing keys. These are distinct from the verification certificate signing keys

  • The signature is calculated over a preamble and the message body up to the keyword "Authorization:" Everything after that is the signature itself, including the kid to use from the public key set for signature verification.

/assign

Targeting v0.21 - may not make it until v0.22

commented

A few questions:

  1. I assume we'll also want to hook into rotation. At what frequency should we rotate and for how long should a rotated key still be included in the allowed list?

  2. The spec required some kind of server-side kill switch. I was thinking we could just implement system-admin and realm-admin revocation permissions. Does that make sense?

  3. Where are we publishing the public keys? I remember the original proposal was to use the jwks endpoints, but this would be a different type of key, so it'd require a new discovery endpoint, right?

commented

  1. Manual rotation only - we can probably reuse a lot of the UI from the existing signing keys UI

  2. Server side kill switch is related to OS specific thing to stop verifying these messages - nothing here

  3. Manual distribution of key to Google and Apple