Feature #119
GDP commands and responses should (potentially) be signed
Status: New
Priority: Normal
Assignee: -
Category: -
Start date: 04/09/2019
Due date:
% Done: 0%
Description
Currently GDP data is signed, but commands and responses are not.
Commands need to be signed in some (but not all) cases to grant special permissions. For example, the ability to delete a log would require owner permission, the ability to migrate a log might require some administrative permission, and the ability to add records to HONGD will require "creation service" credentials. Some commands do not need this; for example, APPEND can sign the data rather than the command itself.
Responses will in some cases need to be signed. For example, errors (NAKs) should be signed to prevent DoS attacks. CONTENT replies do not need to be signed since the data itself is.
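As an added illustration (not GDP project code), the Go sketch below enforces the signing policy described above: privileged commands and NAKs must verify under the key of the role that is allowed to issue them, while APPEND and CONTENT pass unsigned because their data carries its own signature. The `Msg` layout, the `DELETE`, `MIGRATE` and `HONGD_ADD` kind names, the role names and the choice of Ed25519 are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Msg is a hypothetical envelope; its kinds and fields are assumptions, not the GDP wire format.
type Msg struct {
	Kind, Log string
	Seq       uint64 // ties a response to the request it answers
	Sig       []byte // Ed25519 signature over signedBytes; empty if unsigned
}

type Keys map[string]ed25519.PublicKey // role name -> trusted public key

// Role that must sign each kind. APPEND and CONTENT are absent: their data is itself signed.
var requiredSigner = map[string]string{
	"DELETE": "owner", "MIGRATE": "admin", "HONGD_ADD": "creation-service", "NAK": "server",
}

func signedBytes(m Msg) []byte {
	return []byte(fmt.Sprintf("%s|%d:%s|%d", m.Kind, len(m.Log), m.Log, m.Seq)) // length prefix keeps fields unambiguous
}

// testKey derives a constructed, non-secret key pair from one byte (demo only).
func testKey(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(append(make([]byte, 31), b))
	return priv.Public().(ed25519.PublicKey), priv
}

func Sign(m Msg, priv ed25519.PrivateKey) Msg {
	m.Sig = ed25519.Sign(priv, signedBytes(m))
	return m
}

// Check enforces the policy: a listed kind must verify under its role's key; others pass unsigned.
func Check(m Msg, keys Keys) error {
	role, needed := requiredSigner[m.Kind]
	pub, known := keys[role]
	if needed && (!known || !ed25519.Verify(pub, signedBytes(m), m.Sig)) {
		return fmt.Errorf("%s: %s signature missing or invalid", m.Kind, role)
	}
	return nil
}

func main() {
	pub, priv := testKey(1)
	fmt.Println(Check(Sign(Msg{Kind: "NAK", Seq: 7}, priv), Keys{"server": pub}))
}
```

Because the signature covers the kind, the log name and the sequence number, a signed DELETE for one log cannot be replayed against another, and a client that calls `Check` on responses discards a forged, unsigned NAK instead of abandoning its request.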
Related issues
History
#1 Updated by Eric Allman over 4 years ago
- Related to Feature #120: HONGD should be accessed using the GDP network protocol added