Implement FEP-8b32: Object Integrity Proofs

Question

Implement FEP-8b32: Object Integrity Proofs

aumetra opened this issue 7 months ago · comments

https://codeberg.org/fediverse/fep/src/branch/main/fep/8b32/fep-8b32.md

Probably makes most sense in conjunction with FEP-521a: Representing actor's public keys (so we can attach an additional Ed25519 key to the actor and just slowly attempt to phase out RSA)

Related to #133

Aumetra Weisman · Answer 1 · Sat Nov 11 2023 04:31:10 GMT+0800 (China Standard Time)

The object proof structure should probably follow this structure:

Create kitsune-object-proof crate
Crate uses ed25519-dalek (with the SIMD features activated) for Ed25519 operations
It offers an asynchronous interface by using the kitsune-blocking crate and offloading the operations on the threadpool of cryptographic operations

Aumetra Weisman · Answer 2 · Sat Nov 11 2023 04:34:54 GMT+0800 (China Standard Time)

This would require a redesign of the database and how keys are represented in the database.
Potential structure:

Move keys away from the accounts table itself
Create new table accounts_keys (name can be bikeshedded)

Table structure:

CREATE TABLE accounts_keys (
    key_id TEXT PRIMARY KEY,
    account_id UUID REFERENCES accounts(id) ON DELETE CASCASE ON UPDATE CASCADE,
    public TEXT NOT NULL,
    private TEXT,
    created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP
);

Where the key_id is the URL as found in the actor.