Hi, In the current p2psip-base-26, the past paragraph of section 7.4.2.2: There is one subtle point about signature computation on arrays. If the storing node uses the append feature (where the index=0xffffffff), then the index in the StoredData that is returned will not match that used by the storing node, which would break the signature. In order to avoid this issue, the index value in the array is set to zero before the signature is computed. This implies that malicious storing nodes can reorder array entries without being detected. is even more critical to Store requests, thus should not be in the description of Fetch response. It should be moved to section "7.1 Data Signature Computation" and reiterated in section 7.4.1.1 and 7.4.2.2. A use case would be Certificate By User. Only the certificate owner can sign the StoredDataValue, which often has the array index of 0xffffffff for appending. Since the responsible peer will change the array index, the above paragraph becomes critical to both signing and verification. Thanks --Michael
_______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
