Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add scoping for window.ipfs.name.publish and window.ipfs.key #452

Closed
lidel opened this issue Apr 13, 2018 · 8 comments
Closed

Add scoping for window.ipfs.name.publish and window.ipfs.key #452

lidel opened this issue Apr 13, 2018 · 8 comments
Labels
area/window-ipfs Issues related to IPFS API exposed on every page status/deferred Conscious decision to pause or backlog topic/security Work related to security

Comments

@lidel
Copy link
Member

lidel commented Apr 13, 2018

Problem

  • window.ipfs.name.publish enables sites to publish content to IPNS
  • keys can be listed via ipfs.keys.ls
  • this results in sites being able to publish arbitrary CID under any key
    • v2.2.0 assumes ACL dialog asking for access too ipfs.name.publish and ipfs.keys.ls is enough, shifting responsibility to user

This PoC will use default key and publish under your PeerID:

ipfs.name.publish('/ipfs/QmbWqxBEKC3P8tqsKc98xmWNzrzDtRLMiMPL8wBuTGsMnR', (err, name) => console.log(err, name))

Potential Solutions

  • leave it as-is (shifting responsibility to user does not smell good)
  • fix it: ipfs.keys and ipfs.name.publish should be scoped in a fashion similar to ipfs.files
    • website should not be able to sniff out what keys are in my possession
    • names of keys generated via window.ipfs.key.gen should be prefixed with unique scope and everything that is not in scope should be filtered out in all window.ipfs.keys.*
    • ipfs.name.publish defaults to self key if key name is not provided which means publishing to /ipns/<PeerID>
      • should this behaviour should be left intact? if so, we need to generate a new key just for the current scope and explicitly add it to the call behind the scenes.

cc @alanshaw

@lidel lidel added topic/security Work related to security area/window-ipfs Issues related to IPFS API exposed on every page labels Apr 13, 2018
@lidel
Copy link
Member Author

lidel commented May 23, 2018

For now we will disable key and name.publish and keep this issue open until proper sandboxing is implemented.

lidel added a commit that referenced this issue May 23, 2018
- ideally we want to move API whitelist to ipfs-postmsg-proxy
- closes #478
- mitigates #452
lidel added a commit that referenced this issue May 23, 2018
- ideally we want to move API whitelist to ipfs-postmsg-proxy
- closes #478
- mitigates #452
@lidel lidel added the status/deferred Conscious decision to pause or backlog label Sep 22, 2018
@edrex
Copy link

edrex commented Nov 29, 2018

This is the missing piece to allow apps to mutate a data set ala Beaker right?

CC @Jermolene

@lidel
Copy link
Member Author

lidel commented Nov 29, 2018

@edrex Yes, basically scoping ipfs.name.publish and ipfs.key aims to enable web apps to create an app-specific key(s) and use it to publish content to /ipns/<keyid>.

Digression: restoring those APIs in window.ipfs was on the back-burner because js-ipfs does not support IPNS yet (but we are really close, see ipfs/js-ipfs#209 (comment) ✨) and we want to deliver the same API experience when user switches between js-ipfs and go-ipfs backends.

@satazor
Copy link

satazor commented May 20, 2019

@lidel Now that js-ipfs supports IPNS, can we resume the discussion around this topic? To give you some context, both ipfs.name.publish and ipfs.key is used by https://github.com/ipfs-shipyard/nomios-web, a Identity Wallet based we are building. More specifically, we need to be able to import the key that controls your DID to be able to update it, via IPNS publish.

Using companion would improve the experience, specially in workshops were things work really fast inside the same network. I will be giving a workshop in IPFS Camp about Nomios and would be really nice if we could use companion 🙏

@lidel
Copy link
Member Author

lidel commented May 20, 2019

@satazor we can add ipfs.name.publish, however ipfs.key is bit tricky, depending on which subcommands you need. AFAIK go-ipfs v0.4.20 does not support key import and key export.
Do you need those in Nomios?

@satazor
Copy link

satazor commented May 20, 2019

Thanks for the quick response. Yes we need to be able to import a key in order to publish a IPNS record with it (it’s different than the one used to identify the peer). Note that we only need to import it because ipfs.name.publish only supports custom keys via name and not via pkcs8 pem directly, which is unfortunate.

@lidel
Copy link
Member Author

lidel commented May 22, 2019

@satazor if you need import/export to work with go-ipfs, then we need ipfs/kubo#4240 (comment) to get addressed first.

If you are okay with doing the demo with js-ipfs, then we can add it and release before IPFS Camp.
Do you have sample key and JS code I could use for testing?

@lidel
Copy link
Member Author

lidel commented Oct 19, 2020

Closing due to #589 (comment)

IPNS resolution via js-ipfs running on a page in web browser is tracked in ipfs/js-ipfs#2921

@lidel lidel closed this as completed Oct 19, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/window-ipfs Issues related to IPFS API exposed on every page status/deferred Conscious decision to pause or backlog topic/security Work related to security
Projects
None yet
Development

No branches or pull requests

3 participants