Forum signature must cover the timestamp

akwizgran
2015-04-24 16:04:32 +00:00
parent 9bea3ac07d
commit 71589ce63f

@@ -20,7 +20,7 @@ The client identifer is random:
**3: POST** - The content is a list with two elements: `content` (list) and `signature` (raw). `content` is a list with three elements: `parent_id` (raw, may be null), `body` (string), and `attachments` (dictionary, may be null). If `parent_id` is not null, it is the identifier of a post to which this is a follow-up. Each key in `attachments` is the name of an attachment, and the value is a list with two elements: `mime_type` (string) and `message_id` (raw).
`signature` is calculated over a list with three elements: `blog` (list), `timestamp` (int), and `content` (list). `blog` and `content` are described above. `timestamp` is the timestamp from the [message header](BSP#message-format).
`signature` is a signature with `public_key`, calculated over a list with three elements: `blog`, `content`, and `timestamp` (int). `blog` and `content` are described above. `timestamp` is the timestamp from the [message header](BSP#message-format).
**4: ATTACHMENT** - The content is raw data.
@@ -31,7 +31,7 @@ The client identifer is random:
* An invitation is valid if it is well-formed.
* A response is valid if it is well-formed and it references a valid invitation created by the opposite peer.
* A departure is valid if it is well-formed and it references a valid invitation created by either peer.
* A post is valid if it is well-formed, its parent (if any) is a valid post, and it carries a valid signature over its content.
* A post is valid if it is well-formed, its parent (if any) is a valid post, and it carries a valid signature.
* An attachment is always valid.
Note that a post can be validated before its attachments have been received, and an attachment can be validated before it has been completely received.