by Someone
77 days ago
TLDR: the idea is

- to have a convention to, instead of signing “payloads”, always sign “type identifier + payload”, to prevent adversaries from reusing your signature to sign the same payload, interpreted as a different type.
- use 64-bit type identifiers
- put the identifiers in the IDL (may need augmenting IDL to allow that)

#1 makes sense to me; #3 also makes sense, as that’s the place where people will have to look to learn about your types.

#2, I think, is up for discussion. These could be longer, Java-like strings “com.example.Foo”, or whatever.

I think some people also may disagree with the argument that putting type identifiers inside the payload makes messages too large, but I don’t have enough experience on that to make a judgment.
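An illustration of the convention summarized in the comment above, added here and not part of the original comment or of any project's code. It assumes HMAC-SHA256 as a stand-in for a real signature scheme; the key, the two 64-bit type identifiers and the two message layouts are constructed for the example.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

# Hypothetical 64-bit type identifiers, as they might be declared in an IDL.
TYPE_TRANSFER = 0x9F3C2A7715D08E41
TYPE_LOG_ENTRY = 0x27B6E0D94C1183FA


def _mac(data: bytes) -> bytes:
    # HMAC stands in for the signature primitive (assumption of this example).
    return hmac.new(KEY, data, hashlib.sha256).digest()


def sign_untyped(payload: bytes) -> bytes:
    return _mac(payload)


def verify_untyped(payload: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(_mac(payload), sig)


def sign_typed(type_id: int, payload: bytes) -> bytes:
    # Fixed-width big-endian prefix, so the type/payload boundary is unambiguous.
    return _mac(struct.pack(">Q", type_id) + payload)


def verify_typed(expected_type_id: int, payload: bytes, sig: bytes) -> bool:
    # The verifier supplies the type it is about to parse the payload as.
    return hmac.compare_digest(sign_typed(expected_type_id, payload), sig)


def parse_transfer(payload: bytes) -> dict:
    # Constructed layout: two u32 fields, identical on the wire to LogEntry.
    account, amount = struct.unpack(">II", payload)
    return {"account": account, "amount": amount}


def demo() -> dict:
    # The signer intends a LogEntry (timestamp, level); constructed values.
    payload = struct.pack(">II", 1700000000, 3)
    untyped_sig = sign_untyped(payload)
    typed_sig = sign_typed(TYPE_LOG_ENTRY, payload)
    return {
        "untyped_ok_as_transfer": verify_untyped(payload, untyped_sig),
        "typed_ok_as_transfer": verify_typed(TYPE_TRANSFER, payload, typed_sig),
        "typed_ok_as_log_entry": verify_typed(TYPE_LOG_ENTRY, payload, typed_sig),
        "misread_as_transfer": parse_transfer(payload),
    }
```

The untyped signature verifies no matter which type the receiver parses the bytes as, while the typed one verifies only under the identifier the signer used.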