Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

config services signature/signers and metadata message types #308

Merged
merged 3 commits into from
Apr 10, 2023
Merged

config services signature/signers and metadata message types #308

merged 3 commits into from
Apr 10, 2023

Conversation

jeffgrunewald
Copy link
Contributor

allow management of signing keys for oracles to verify requests coming to the config server (from the verifier for instance)

This was referenced Mar 21, 2023
Closed
Merged
@jeffgrunewald jeffgrunewald force-pushed the jg/oracle-admin-keys branch 4 times, most recently from b321529 to a5dca32 Compare March 30, 2023 08:02
andymck
andymck approved these changes Mar 30, 2023
View reviewed changes
Copy link
Contributor

@andymck andymck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume the inclusion of signer here is to help with enabling multiple known signing keys to be available rather than assuming a single signing key ?

src/service/iot_config.proto Show resolved Hide resolved
@jeffgrunewald
Copy link
Contributor Author

I assume the inclusion of signer here is to help with enabling multiple known signing keys to be available rather than assuming a single signing key ?

I came around on this from an earlier decision, actually; now that I have an idea of all of the different authorizing keys the config service has to manage I think it makes more sense to have the request or supply it’s own pubkey (should be a cheap operation) and then have the config server only verify the signature of that single key and check for membership of that single key in its collection of authorizing keys (another cheap operation) rather than looping over all of the keys it manages and checking for the one that signed the request (increasingly expensive)

@jeffgrunewald jeffgrunewald force-pushed the jg/oracle-admin-keys branch 4 times, most recently from f2ff75b to 82cb014 Compare March 31, 2023 00:12
@jeffgrunewald jeffgrunewald mentioned this pull request Apr 5, 2023
Merged
1 task
@jeffgrunewald jeffgrunewald force-pushed the jg/oracle-admin-keys branch from 82cb014 to f4301b9 Compare April 5, 2023 14:34
@jeffgrunewald jeffgrunewald changed the title add oracle keytype to mobile_config config services signature/signers and metadata message types Apr 5, 2023
@jeffgrunewald jeffgrunewald force-pushed the jg/oracle-admin-keys branch 3 times, most recently from 97ba0bd to fce7335 Compare April 5, 2023 18:16
@jeffgrunewald jeffgrunewald force-pushed the jg/oracle-admin-keys branch from fce7335 to e6175e6 Compare April 7, 2023 19:25
@jeffgrunewald jeffgrunewald merged commit 40388d2 into master Apr 10, 2023
@jeffgrunewald jeffgrunewald deleted the jg/oracle-admin-keys branch April 10, 2023 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bbalser bbalser bbalser approved these changes

@andymck andymck andymck approved these changes

@maplant maplant Awaiting requested review from maplant

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jeffgrunewald @andymck @bbalser