try·st·imu·li

13.77906

in cryptography, we often require domain separation for different uses of the same primitives. roughly, this means ensuring that the inputs to a primitive for different purposes cannot overlap, so there are no instances where you can lift a value from one part of the protocol and use it in another.

i’ve been thinking about data confusion - interpreting the same pile of bytes as different types.

there’s the mitigated but still present “proposal.doc.exe” exploit on windows. it’s partly a user interface problem, where the extension is sometimes hidden and sometimes shown, and partly a platform problem, where you can’t safely run arbitrary binaries, and partly a data confusion problem - the user expects to be opening a document and is instead launching a program.

converge, as it stands right now, doesn’t care about or indicate the type of data that’s stored in an object. so if i throw a reference at you, telling you it’s an image, you don’t actually know you’re getting an image. maybe it’d be worth it to add the expected type into the additional data in the deterministic AEAD?

of course, that doesn’t stop anyone from creating a new object with the expected type and bad data. it’d just stop the original object from being used in multiple contexts.
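a sketch of the idea above, as an added example rather than converge's own code: the type label goes into the associated data of a deterministic AEAD, so an object opens only as the type it was sealed under, while a mislabeled object sealed with the expected type still opens. the SIV-style construction (HMAC-SHA256 plus SHAKE-256 from python's standard library), the key, the type strings and the sample bytes are all assumptions made for illustration; a real system would use a vetted scheme such as AES-SIV.

```python
import hashlib
import hmac

# SIV-style deterministic AEAD built from stdlib parts, for illustration only.
# it stands in for a vetted scheme such as AES-SIV and is NOT converge's own code.

def _ad(obj_type: str) -> bytes:
    # length-prefix the type so it cannot run into the plaintext bytes
    t = obj_type.encode()
    return len(t).to_bytes(2, "big") + t

def _xor_stream(enc_key: bytes, siv: bytes, data: bytes) -> bytes:
    stream = hashlib.shake_256(enc_key + siv).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, obj_type: str, plaintext: bytes) -> bytes:
    mac_key, enc_key = key[:32], key[32:]
    # synthetic IV = MAC over (type, plaintext): same inputs give the same blob
    siv = hmac.new(mac_key, _ad(obj_type) + plaintext, hashlib.sha256).digest()
    return siv + _xor_stream(enc_key, siv, plaintext)

def open_as(key: bytes, expected_type: str, blob: bytes) -> bytes:
    mac_key, enc_key = key[:32], key[32:]
    siv, ct = blob[:32], blob[32:]
    plaintext = _xor_stream(enc_key, siv, ct)
    want = hmac.new(mac_key, _ad(expected_type) + plaintext, hashlib.sha256).digest()
    if not hmac.compare_digest(siv, want):
        raise ValueError("authentication failed: wrong key, type, or data")
    return plaintext

def opens(key: bytes, expected_type: str, blob: bytes) -> bool:
    try:
        open_as(key, expected_type, blob)
        return True
    except ValueError:
        return False

KEY = hashlib.sha512(b"constructed demo key").digest()    # 64 bytes, constructed
PNG = b"\x89PNG\r\n\x1a\n" + b"constructed pixels"         # constructed sample
NOT_PNG = b"constructed bytes that are not an image"      # constructed sample

image = seal(KEY, "image/png", PNG)
mislabeled = seal(KEY, "image/png", NOT_PNG)

if __name__ == "__main__":
    print(opens(KEY, "image/png", image))                 # bound type matches
    print(opens(KEY, "application/x-msdownload", image))  # same object, other context
    print(opens(KEY, "image/png", mislabeled))            # the label is only a claim
```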

overall, i don’t feel like it’d really provide any benefit. converge eschews ambient authority - it’d be inconvenient to see if anyone you trust had included the object in another. if the idea about claims goes anywhere, maybe it’d be important to include the type of the referent in the claim, but that’s layers up from the core functionality.
