From 71589ce63fd76ab45edf06839dbe401fd96c9586 Mon Sep 17 00:00:00 2001 From: akwizgran Date: Fri, 24 Apr 2015 16:04:32 +0000 Subject: [PATCH] Forum signature must cover the timestamp --- BlogClient.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/BlogClient.markdown b/BlogClient.markdown index 0c4ac79..7a2f908 100644 --- a/BlogClient.markdown +++ b/BlogClient.markdown @@ -20,7 +20,7 @@ The client identifer is random: **3: POST** - The content is a list with two elements: `content` (list) and `signature` (raw). `content` is a list with three elements: `parent_id` (raw, may be null), `body` (string), and `attachments` (dictionary, may be null). If `parent_id` is not null, it is the identifier of a post to which this is a follow-up. Each key in `attachments` is the name of an attachment, and the value is a list with two elements: `mime_type` (string) and `message_id` (raw). -`signature` is calculated over a list with three elements: `blog` (list), `timestamp` (int), and `content` (list). `blog` and `content` are described above. `timestamp` is the timestamp from the [message header](BSP#message-format). +`signature` is a signature with `public_key`, calculated over a list with three elements: `blog`, `content`, and `timestamp` (int). `blog` and `content` are described above. `timestamp` is the timestamp from the [message header](BSP#message-format). **4: ATTACHMENT** - The content is raw data. @@ -31,7 +31,7 @@ The client identifer is random: * An invitation is valid if it is well-formed. * A response is valid if it is well-formed and it references a valid invitation created by the opposite peer. * A departure is valid if it is well-formed and it references a valid invitation created by either peer. -* A post is valid if it is well-formed, its parent (if any) is a valid post, and it carries a valid signature over its content. +* A post is valid if it is well-formed, its parent (if any) is a valid post, and it carries a valid signature. * An attachment is always valid. Note that a post can be validated before its attachments have been received, and an attachment can be validated before it has been completely received.