Say I want to store a link and signature (fingerprint) for a retroshare certificate. How would I go about it?
Tag: load?
Problem: IP address could be revealed to the external server
Another use case might be the import of a signed NMC/BTC address that could change on every request.
Maybe we can work out standard procedures for these.
ToDo: Specification to safely import external data
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: ToDo: Specification to safely import external data
I'm not certain I understand what you're asking. Are you trying to do something like the "import" field, but have it imported from an HTTP URL rather than the blockchain? If so, you'd probably want to supply a hash in the blockchain, and disable such fields in "private mode" like nmcontrol currently does for the "ns" field. If a user really wants to access that data in private mode, they should use Tor.phelix wrote:Say I want to store a link and signature (fingerprint) for a retroshare certificate. How would I go about it?
Tag: load?
Problem: IP address could be revealed to the external server
Another use case might be the import of a signed NMC/BTC address that could change on every request.
Maybe we can work out standard procedures for these.
Re: ToDo: Specification to safely import external data
That's what I am talking about and these are exactly the kind of issues we would have to solve.biolizard89 wrote:I'm not certain I understand what you're asking. Are you trying to do something like the "import" field, but have it imported from an HTTP URL rather than the blockchain? If so, you'd probably want to supply a hash in the blockchain, and disable such fields in "private mode" like nmcontrol currently does for the "ns" field. If a user really wants to access that data in private mode, they should use Tor.phelix wrote:Say I want to store a link and signature (fingerprint) for a retroshare certificate. How would I go about it?
Tag: load?
Problem: IP address could be revealed to the external server
Another use case might be the import of a signed NMC/BTC address that could change on every request.
Maybe we can work out standard procedures for these.
A solution that comes to mind would be an id/ browsing GUI (like https://nameid.org/ or locally via NMControl) that can fetch and verify the data. Hmmm maybe it could be the same thing as for signing files.