Require hash of JSON-LD context #146
Conversation
There was a problem hiding this comment.
I think this requirement may encourage less contribution, and the format of the hash is not defined sufficiently.
Would need to see a link to the standard used for hashing to consider, support for multiple hashing algorithms seems like it would make everyones life a lot worse.
|
Would definitely love to be able to specify how to do the hashing. But if we're not going to add this to the Registries, we need to take the text out of the DID Core spec. |
|
@rhiaro to be clear, I won't approve "a cryptographic hash"... but I would approved "sha256 base64url encoded"... saying a hash must be included is not helpful unless a single format for the hash is described. |
|
The same guidance should be applied in did core. |
|
blocked by w3c/did#464 |
|
PR is up in did core for w3c/did#485 |
|
https://github.com/w3c/did-core/pull/485/files was merged. @rhiaro can you please review my requested changes and align with did core as needed? |
rhiaro
force-pushed
the
feature/context-hash
branch
from
721e72a to
d8f42c8
Compare
|
@OR13 I've added the bit about how to compute the hash that you put in DID Core. I think we can probably take this out of DID Core now (made a separate PR). |
|
@rhiaro your PR in DID Core, does not match the integrity format proposed here: https://github.com/w3c/did-core/pull/534/files Specifically you propose IPFS or Hashlink as solutions which is not described here. I see a couple paths forward:
|
|
The PR to DID core was modified (and then merged), so it no longer mentions IPFS or Hashlink. (It wasn't a requirement though, just a security suggestion - and applied to any external links, not just JSON-LD, and I had just paraphrased that out of the VC spec, by the way, which has a similar problem.. but I guess times have changed :)
So, there was at some point a desire to suggest JSON-LD contexts are integrity protected, as a MITM on the context being fetched over the network is an attack vector. So language was added about hashing contexts and checking against them. But that wasn't specific enough, and you added very specific language about how to do it. I'm a bit concerned about the options:
Is there a 4. I'm missing? Is one of these not as bad as the others?
|
|
@rhiaro my main issue with the language is that when telling people to register a URL with integrity protection, if we don't tell them 1 way to do it, we will get the following, which is undoubtably the worst option:
the problem is that this is a registry.... so we should either have 1 way of doing things nicely.... or we shouldn't take registrations with integrity checking.... |
|
Hesitant to compute the hash for the /v1/ jsonld context, as we may still be changing that. Is there another one I should add? Wouldn't it be the remit of the extension submitters do that themselves really, once the requirements are updated? If we remove the requirement altogether, are we acknowledging there is no security vulnerability issue here, or that there is a security vulnerability issue that we're not telling people how to address? |
|
@rhiaro we are not acknowledging prototype pollution, MITM, DNS poisoning, etc... all of which are relevant to loading ANY JSON over a network... for that reason I would suggest not including this section.... because its implying that we are addressing security concerns when in fact, we are not really. |
|
I would be ok with a paragraph stating: Each representation has its own security concerns. Implementers should be aware of common attacks on each representation before attempting an implementation.
|
|
That's fine. There is already a bit in the Core spec about implementations should cache contexts locally, and this is best/common practice, so I'm convinced we don't need to mention the hashing stuff in the Registries. Happy to close this PR without further action. |
|
yes, suggest closing. |
|
closing feel free to reopen, i expect we may need to do some editorial cleanup after #183 |
For a while there has been language in the DID Core spec about the JSON-LD context in the Registries being associated with a hash. Currently it's in JSON-LD consumption but in w3c/did#436 its moved to production:
In w3c/did#403 Ivan points out that the DID Core spec can't make this requirement of the Registries. So I have added it as a requirement of the registration process in this PR. The DID Core spec can then add language about checking against the hash in JSON-LD consumption if necessary.
I think this then means the Registries needs to display the hash somewhere? It's gonna get messy for every one but maybe we can find some nice css/js to collapse them or something.
Preview | Diff