On Feb 23, 2014, at 12:09 AM, Benoit Chesneau <[email protected]> wrote:
> OldDoc means the doc you fetch when you issue a GET before the update That’s ambiguous if there are conflicts. The way I’ve implemented it in Couchbase Lite and the Sync Gateway is that it’s the nearest ancestor of newRev that already exists in the database. Which I believe agrees with Alexander’s definition. I’m now in the unhappy position that my current spec for signed documents[1] is not enforceable with a CouchDB validation function. The issue is that the signed data of the document has to include the parent revision ID. If it doesn’t, there’s a replay attack where an attacker can take an older revision of a document they don’t own and PUT it back to the database as the current revision. (Git and Mercurial encode a commit’s parent ID(s) as part of its ID for the same reason.) So to validate a revision’s signature, the true parent revID has to be known to the validation function. But this isn’t necessarily the same as oldDoc[‘_rev’]: if the database didn’t previously have the direct parent revision, oldDoc will instead be the last known ancestor, not the parent. —Jens [1]: https://github.com/couchbase/couchbase-lite-ios/wiki/Signed-Documents
