JanZerebecki added a comment.
Why omit the revision ID of the predicate/property?
In T138708#2426549, @daniel wrote:
In T138708#2424766, @JanZerebecki wrote:
Why use a sha1 instead of inlining the normalized serialization in the text to sign?
Because that doubles the size of the serialization of a statement.
Would that part need to be stored?
If the sha1 is used how do you reconstruct what it was composed of?
Why add the current date and time?
For completeness. It's nice to know when something was signed, I think.
Why is the one in the GPG signature not sufficient?
Why add the signer's identity?
It should be visible *somewhere*, right?
Why is the one in the GPG signature not sufficient?
How do you revoke a signature?
By removing the snak that contains the signature.
Then how do you counter replaying the signature?
Or by revoking the key.
What to do about all the other signatures that the signer wants to convey they think are still true?
How do you guard against being able to send the user only a selective part of the signatures?
Can you elaborate?
If you carefully select only some true statements will a conclusion based on them change in your intended way?
How do you verify what a revision contains and that the revision wasn't changed?
By signing parts of that revision. I don't currently have a solution for labels and descriptions, except copying them into the signed text.
Why only parts? How would that be done, by inlining or hashing and chaining or something else?
