Bitmessage/PyBitmessage-2024-12-21
Archived
2
0
Fork 0
Code Issues 168 Pull Requests 52 Actions Packages Projects Releases 5 Wiki Activity

Revocation bitfield #1444

New Issue
Open
opened 2019-03-20 09:17:13 +01:00 by PeterSurda · 0 comments
PeterSurda commented 2019-03-20 09:17:13 +01:00 (Migrated from github.com)
Copy Link

If a BM address is used for long-term authentication, there is a need to revoke it in case it gets compromised. Obviously, it is easy to create a new one, but there also should be a way to indicate to the user that an old address shouldn't be used.

The easiest way, in my opinion, is to add a new bitfield to an address, say BITFIELD_REVOKED, which can be turned on but not off (there needs to be some additional protection in the code so that simply editing keys.dat won't turn it off). The UI would then signal to the sender that they shouldn'd use it.

  • Bitfield deifnition and a coresponnding variable in keys.dat
  • UI for turning it on with warning and confirmations
  • UI for showing (on the owner side) that an address is revoked, similarly to how disabled addresses are grayed out
  • after revoked, a new pubkey object should be sent immediately, not only after the old one expires
  • Protection against turning it off in BMConfigParser
  • Protection against turning it off in some other way
  • objectProcessor should handle the bitfield and flag entries in the addressbook (may require additional colums in addressbook table). It should also protect the flag/bitfield from being turned off after it is on
  • messagelist should change background color for messages from revoeked addresses (maybe only after revocation date?)
  • Send tab should complain or perhaps even grey out the send button if a revoked address is used
  • Autoreply?
  • some other things I'm missing?
If a BM address is used for long-term authentication, there is a need to revoke it in case it gets compromised. Obviously, it is easy to create a new one, but there also should be a way to indicate to the user that an old address shouldn't be used. The easiest way, in my opinion, is to add a new bitfield to an address, say BITFIELD_REVOKED, which can be turned on but not off (there needs to be some additional protection in the code so that simply editing keys.dat won't turn it off). The UI would then signal to the sender that they shouldn'd use it. - [ ] Bitfield deifnition and a coresponnding variable in keys.dat - [ ] UI for turning it on with warning and confirmations - [ ] UI for showing (on the owner side) that an address is revoked, similarly to how disabled addresses are grayed out - [ ] after revoked, a new pubkey object should be sent immediately, not only after the old one expires - [ ] Protection against turning it off in BMConfigParser - [ ] Protection against turning it off in some other way - [ ] objectProcessor should handle the bitfield and flag entries in the addressbook (may require additional colums in addressbook table). It should also protect the flag/bitfield from being turned off after it is on - [ ] messagelist should change background color for messages from revoeked addresses (maybe only after revocation date?) - [ ] Send tab should complain or perhaps even grey out the send button if a revoked address is used - [ ] Autoreply? - [ ] some other things I'm missing?
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
bug

Something isn't working as it's supposed to

  
build

Related to building or build system

  
dependencies

Pull requests that update a dependency file

  
developers

The issue is relevant mainly for developers rather than users

  
documentation

   
duplicate

   
enhancement

New feature

  
formatting

Code or UI text formatting

  
invalid

   
legal

   
mobile

Frontend for mobile devices (kivy)

  
obsolete

   
packaging

   
performance

   
protocol

Protocol change

  
question

   
refactoring

   
regression

Some issue, fixed in the past, appears again

  
security

   
test

   
translation

   
usability

   
wontfix
No Label
bug
build
dependencies
developers
documentation
duplicate
enhancement
formatting
invalid
legal
mobile
obsolete
packaging
performance
protocol
question
refactoring
regression
security
test
translation
usability
wontfix
Milestone
Clear milestone
No items
No Milestone
v1.0.0
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Bitmessage/PyBitmessage-2024-12-21#1444
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?