|
I think in practice it doesn't work to deserialize only verified data. Snowpack has a mechanism for this but I found it impractical to require all use cases fit this form. I'm not sure exactly what system you're describing, but I hope it doesn't involve hand-marshaling and unmarshaling of data structures. Your requirement (b) seems at odds with forward-compatibility. Lack of forward-compatibility complicates upgrades, especially in federated systems when you cannot expect all nodes to upgrade at once. I might be biased, but it's been possible to write a sufficiently complex system (https://github.com/foks-proj/go-foks) without feeling "tortured." It's actually quite the opposite, the cleanest system I've programmed in for these use cases, and I've tried many over the last 25 years. Never am I guessing how to verify an object, I'm not sure how that follows. I also think it's worth noting that the same mechanism works for MAC'ing, Encryption and prefixed hashing. Just today I came across this IDL code: struct ChunkNoncePayload @0xadba174b7e8dcc08 {
id @0 : lib.FileID;
offset @1 : lib.Offset;
final @2 : Bool;
}
And the following Go code for making a nonce for encrypting a chunk of a large file: pld := lcl.ChunkNoncePayload{
Id: fid,
Offset: offset,
Final: isFinal,
}
hsh, err := core.PrefixedHash(&pld)
if err != nil {
return nil, err
}
var ret [24]byte
copy(ret[:], (\*hsh)[0:24])
return &ret, nil
As in signing, it's nice to know this nonce won't conflict with some other nonce for a different data type, and the domain separation in the IDL guarantees that. |