Whenever a server send a signed delta (whether that be due to broadcasting an update as the host, or submitting a delta as the remote) the receiving server must be able to verify the delta, so must have the corresponding certificate (signer info) for the signer id encoded into the signed delta.
Whether the server gets this through being posted the signer info (postSignerInfo) or whether it has to request it (getDeltaSignerInfo) depends on where the wavelet is hosted -- it is up to the remote server to ensure that all the certificates in place, i.e. the host server should never have to worry about distribution of certificates. So the remote must getDeltaSignerInfo if it receives an update with a missing certificate, and postSignerInfo on every submit. So, two separate issues with this: previously (up until a9597f31ff) there was a rather bad shortcut taken to avoid the complications of callbacks/queuing (tight time schedule :), where certificates were posted to remove servers from the host on updates. This has been fixed. The other issue is (as Tad noticed) a certificate is posted with every submit. This is necessary based on an assumption that the host doesn't have our certificate, since we have no way of knowing this. It's also somewhat realistic given that FedOne servers don't persist certificates. However, once we formalise an error spec (soon) and FedOne/Google supports propagation of error messages/codes (soon), the plan is for the host to reject signed deltas with are missing signer info with a recognisable error code, so that the remote can then send the signer info only when required. Hope that made sense :-) -- Ben On Sun, Nov 8, 2009 at 7:20 AM, Daniel Danopia <[email protected]> wrote: > > This is funny because Sails hasn't gotten a single certificate in over > a week from FedOnes, since FedOne requests them now xD > > On Nov 6, 8:28 pm, Tad Glines <[email protected]> wrote: > > It looks like FedOne will post signer info to the fed host every time > > it sends a delta. > > This seems very inefficient. It seems to me that FedOne should only > > send signer info as a result of a direct request. > > > > I thought I might have seen an issue or code review request related to > > this, but I couldn't find it. > > > > -Tad > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en -~----------~----~----~----~------~----~------~--~---
