Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change version IDs to use the discovery keys instead of core keys #265

Closed
1 of 3 tasks
gmaclennan opened this issue Sep 13, 2023 · 0 comments · Fixed by #290
Closed
1 of 3 tasks

Change version IDs to use the discovery keys instead of core keys #265

gmaclennan opened this issue Sep 13, 2023 · 0 comments · Fixed by #290
Assignees
@gmaclennan

Comments

@gmaclennan
Copy link
Member

Description

Core keys should be considered "sensitive" data. They are the authentication mechanism to replicate a hypercore. We have additional layers of security with the project key, encryption of hypercores, and the capabilities check before any cores are replicated, but it seems like we should still treat hypercore keys carefully.

Currently we use the hypercore key as part of the version ID. The risk is that we export data including the version ID without realizing its sensitive nature.

Tasks
@gmaclennan gmaclennan self-assigned this Sep 13, 2023
@gmaclennan gmaclennan mentioned this issue Sep 13, 2023
Closed
gmaclennan added a commit that referenced this issue Sep 15, 2023
@gmaclennan
fix: change version IDs to use the discovery keys
20907ba 
Fixes #265

Depends on https://github.com/digidem/mapeo-schema/pull/145 and
updating mapeo-schema

Contains fixes for @mapeo/schema@3.0.0-next.9
(renamed project -> projectSettings)
@gmaclennan gmaclennan mentioned this issue Sep 15, 2023
Closed
@gmaclennan gmaclennan linked a pull request Sep 15, 2023 that will close this issue
fix: change version IDs to use the discovery keys #271
Closed
@gmaclennan gmaclennan mentioned this issue Sep 15, 2023
Closed
This was referenced Sep 28, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gmaclennan gmaclennan

Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@gmaclennan