Skip to content

Key manager ArtiPaths underscore ambiguity: key names and also separator

The following discussion from !1660 (closed) should be addressed:

  • @nickm started a discussion: (+1 comment)

    Hm. I would strongly suggest having a (non-C-identifier) separator of some kind between the role and the metadata. Otherwise, we risk an error later on if we ever introduce a role whose encoding is a prefix of another role's.

    For example, suppose we have KS_hss_ntor and KS_hss_ntor_plus. The arti_pattern for the first key would be KS_hss_ntor*, which would also match every KS_hss_ntor_plus key.

    (We would have the same problem if the separator were _. Maybe @ or # or /?)

    This kind of issue makes me think that we need to be really careful when we encode things in paths like this: we have the potential to lose a lot of information when we concatenate strings, and we need to make sure that our concatenations are revsersible.