parcel-id should be fully qualified #267

npmccallum · 2021-12-16T13:23:55Z

/_i/{bindle-name}@{parcel-id}

It looks to me like the parcel-id field here is an unqualified hash. That is, it is up to the server to implicitly choose which hash algorithm to use. This should not be implicit as subtle security problems can arise from such configurations.

Wisely, because the parcel-id is always specified in the context of a bindle name, this problem is lessened somewhat. But in a content store digests should always be fully qualified (i.e. sha256:...).

The text was updated successfully, but these errors were encountered:

thomastaylor312 · 2022-01-19T19:18:56Z

This is a good point. Right now we only support sha256 but that will likely change to support more in the future. I'll mark this as an enhancement

michelleN · 2022-01-26T20:51:12Z

What would the concrete todo here be?

thomastaylor312 · 2022-01-26T21:07:58Z

2 main things I think:

Change the protocol spec doc to account for this in the API
Update the code to implement the spec change

thomastaylor312 added the enhancement New feature or request label Jan 19, 2022

thomastaylor312 changed the title ~~Is parcel-id fully qualified?~~ parcel-id should be fully qualified Jan 19, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

parcel-id should be fully qualified #267

parcel-id should be fully qualified #267

npmccallum commented Dec 16, 2021

thomastaylor312 commented Jan 19, 2022

michelleN commented Jan 26, 2022

thomastaylor312 commented Jan 26, 2022

parcel-id should be fully qualified #267

parcel-id should be fully qualified #267

Comments

npmccallum commented Dec 16, 2021

thomastaylor312 commented Jan 19, 2022

michelleN commented Jan 26, 2022

thomastaylor312 commented Jan 26, 2022