Signature digest calculation varies

AFAICT

  • (At least some) ED signatures, e.g. router-sig-ed25519, have a fixed string prefix included in their digest but RSA signatures do not. netdocs are not readily confusible for other protocol items, but it is fine to have a specific prefix. But, IMO, there should be one fixed prefix which should be used for all netdoc signatures - after all a netdoc's type is evident from its introductory keyword.

  • ED signatures, e.g. router-sig-ed25519, stop after the after-keyword space; RSA signatures, e.g. router-signature, include the item line arguments (of which there are none specified) and the newline. I can see no reason to include the signature item keyword, and including the optional arguments is a hazard to extensibility. The digest should stop at the start of the first signature item. That would make the parsing uniform.

  • (Also there should be a standard way to identify a signature item so that future code can skip over unknown ones and not include them in digests.)
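
The two digest ranges described in this issue, plus the proposed uniform range, as an added example that is not part of the original issue or of any Tor code base. The prefix string and the hash algorithms are assumptions taken from Tor's dir-spec rather than from this page; the sample document and `EXTENDED` are constructed.

```python
import hashlib

# Assumptions taken from Tor's dir-spec, not from this page: the prefix string,
# SHA-256 for the Ed25519 digest and SHA-1 for the RSA digest.
ED_PREFIX = b"Tor router descriptor signature v1"
ED_KW, RSA_KW = b"router-sig-ed25519", b"router-signature"

# Constructed sample document; keys and signatures are placeholders.
SAMPLE = (b"router example 192.0.2.1 9001 0 0\n"
          b"published 2024-01-01 00:00:00\n"
          b"router-sig-ed25519 AAAA\n"
          b"router-signature\n"
          b"-----BEGIN SIGNATURE-----\nAAAA\n-----END SIGNATURE-----\n")

def item_start(doc, keyword):
    """Offset of the first line whose keyword is exactly `keyword`."""
    pos = doc.find(b"\n" + keyword)
    while pos >= 0:
        end = pos + 1 + len(keyword)
        if doc[end:end + 1] in (b" ", b"\n"):   # whole keyword, not a prefix
            return pos + 1
        pos = doc.find(b"\n" + keyword, pos + 1)
    raise ValueError("no %r item" % keyword)

def ed_signed_bytes(doc):
    """Start of document through the space after the Ed25519 keyword."""
    end = item_start(doc, ED_KW) + len(ED_KW)
    if doc[end:end + 1] != b" ":
        raise ValueError("router-sig-ed25519 has no argument")
    return doc[:end + 1]

def rsa_signed_bytes(doc):
    """Start of document through the newline ending the router-signature line."""
    return doc[:doc.index(b"\n", item_start(doc, RSA_KW)) + 1]

def uniform_signed_bytes(doc):
    """The issue's proposal: stop at the start of the first signature item."""
    return doc[:min(item_start(doc, ED_KW), item_start(doc, RSA_KW))]

def ed_digest(doc):
    return hashlib.sha256(ED_PREFIX + ed_signed_bytes(doc)).hexdigest()

def rsa_digest(doc):
    return hashlib.sha1(rsa_signed_bytes(doc)).hexdigest()

# A hypothetical future argument on the RSA signature line.
EXTENDED = SAMPLE.replace(b"router-signature\n", b"router-signature new-arg\n")
```

Comparing `rsa_digest(SAMPLE)` with `rsa_digest(EXTENDED)` shows the extensibility hazard: the added argument changes the RSA digest, while the Ed25519 digest and the proposed uniform range are unaffected.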