Support for certificates with expiration date #219
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #219 +/- ##
==========================================
+ Coverage 93.89% 94.10% +0.20%
==========================================
Files 26 27 +1
Lines 3376 3496 +120
==========================================
+ Hits 3170 3290 +120
Misses 206 206 ☔ View full report in Codecov by Sentry. |
| pub struct Certificate { | ||
| // ID of the node being certified | ||
| pub pub_key: Vec<u8>, | ||
| /// Unix timestamp | ||
| pub expiration: Option<Compact<u64>>, | ||
| } |
There was a problem hiding this comment.
Maybe a bit late, but we could have gone the route of using actual x509 certificates and then use client authentication (mTLS) against the certifier, would have probably been less implementation effort and made it easier to develop 3rd party tools or alternative implementations.
There was a problem hiding this comment.
Could a x509 certificate be only valid for a single nodeID? A certificate should allow for only 1 poet registration per round.
There was a problem hiding this comment.
Yes, a certificate would be for a specific public key until a given expiration date. I don't think the effort to change it now is worth it though.
That's already fixed on the |
Support for certificates with an optional expiration date. A certificate is a scale-encoded combination of the node's ID and (optional) expiration time. If the expiration time is
None, the certificate does not expire.The certifier will create expiring certificates if the expiration duration is set in the config.