[RFC] Public key payload format refactoring #191
Comments
neruthes
assigned neruthes, yisiliu, Jack-Works, Artoria2e5, SunriseFox and Misaka-0x447f
|
Could we try to hide pub key in the avatar?
…On Wed, Sep 18, 2019 at 16:51 Neruthes 0x5200DF38 ***@***.***> wrote:
Background
We have seen a few challenges for the current payload format.
- Twitter forbids 🔒 emoji from being used in profile bio.
- Maintaining a list of usable emoji is not graceful.
- We are looking forward to adopting MnemonicWords-based keygen.
Proposal Version Indicating
The public key payload should be accompanied with a leading version
indicator. The version indicator is a base-10 integral number, and a
semicolon is added between it and the payload internal content. We do this
because putting the version indicator in base-64 area may take more
characters to encode.
Emoji Flexibility
The detection of payload should no longer rely on .split('🔒') or
certainty of string payload length, but should prefer
.match(/(\d+):([\dA-Za-z\/\+]+=*)/g).
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#191?email_source=notifications&email_token=ABTAVTO4TC7H4C7KKEWALO3QKHTZHA5CNFSM4IX3SNFKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HMCLETQ>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABTAVTMF2L4DZQFMIWDTCZ3QKHTZHANCNFSM4IX3SNFA>
.
|
|
versioning number can't be very long. hide it in the baseXX string may better for UX, or user always can be attracted by the number, and may thought that this is the lucky number of our team. |
|
But elliptic curve compressed X points do have a fixed binary length… |
We will eventually support algorithm diversity and this is not merely political correctness. |
|
we now use network specific way to compose the key. |
|
Time to continue these discussions. |
@SunriseFox @Jack-Works we just encounter a case on fb with similar problem - better update these soon since users are encounter these problem |
neruthes
changed the title
|
This RFC is open for discussions. Reviews are requested. |
|
Why do we need Version Indicator with in pub key? |
Disambiguation. There is no guarantee that different versions of the public key payload will come in different lengths. |
|
Remember that every emoji is considered 2 characters on both Facebook and Twitter. Speaking of efficiency...
|
|
Current key representation is small enough, what's the problem? |
False Positive. Random Base64 text may be falsely considered as a public key payload if we soften the requirement for emoji presence. |
Base CJK Char is also a good idea. the only tricky part is the culture background |
|
Base4096 can be done with either Hanzi and Hangul. Choose carefully. |
After consulting ppl familiar with Unicode standard, seems like base4096 can only be done in Hanzi & Hangul. |
|
Base4096Hanzi strings may sometimes form up meaningful substrings. This should be avoided. In this sense, Base4096Hangul can be more safe. My conclusion is that Base4096Hangul is the most desirable option. We may add this as an advanced option for users who enable debug mode by adding a switch option in the profile connecting process. |
Again, Hangul may not contain meaningful strings but It's still quiet 🤫 sensitive due to the reason we all know, such as General KJU. One suggestion - if the user choose the specific i18n, such as Chinese / Korean, let them choose this as an advanced options. |
|
"must be an integral multiple of 4" |
Base64
Base4096Hanzi
Base4096Hangul
Base4096Hangul and Base4096Hanzi are equivalent in terms of character efficiency, but Base4096Hangul has better pixel efficiency. The result of Base4096Hangul encoding will take less pixels to render on most devices. Hangul characters are designed to be subtly smaller than Hanzi characters by type designers of most major fonts. The advantage is clear. But we may ask users for their feelings. |
We can implement what’s left of the rfc |
|
Then there will be no difference with the current public key payload. This RFC is for further improvements. |
|
These 2 won’t improve UX for most users.
…On Sat, Dec 7, 2019 at 23:07 Neruthes 0x5200DF38 ***@***.***> wrote:
Then there will be no difference with the current public key payload.
This RFC is for further improvements.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#191?email_source=notifications&email_token=ABTAVTOT3KQWEH4YZEOJCLTQXO32BA5CNFSM4IX3SNFKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEGGIXGY#issuecomment-562858907>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABTAVTMXJD3WK26OHVFSNSDQXO32BANCNFSM4IX3SNFA>
.
|
|
Remember that this is to solve false positive. |
|
This RFC has received substantial updates and is mostly ready for delivery. Reviews are requested. |
For Instead, we should start to consider these:
Don't waste time on these standards that general user don't care. Most part of this RFC should be dismissed since it's way too early -- besides the Emoji Flexibility OR For later: We can spend some time thinking about human readable identifiers -- A hard task and we may not have any good ideas for now. |
It's for easier machine detections. We will also need to use the same format in Tessercube as a standard.
I agree. We discussed this months ago and we have already come to the conclusion that this was not useful at least for now. However, as you mentioned here, non-geeky users will be happy to have their public key in their native chars - are you serious about this conclusion? Does it mean Korean users would be happy to have a Hangul based public key instead of Latin characters? Please clarify this.
Yes, we need it for now since it is not finalized yet.
I've proposed another public key format as
These are worth discussing but since we have already come to a conclusion, we should reopen this conversation once we face challenges putting Latin based public keys in those giant SNS. |
|
|
I am closing all my RFCs since Meta/Article-3: RFC Peer Review Convention has been abolished. I assume that everyone agrees that this is not worth discussing for now. Some discussions may be restarted, if necessary, after Meta/Bill-4: DSD Peer Review Convention is ratified. In the meantime, if there is any question with documentation and workflow, please consult @yisiliu. Thanks for everyone who has engaged in the discussions so long. |
Metadata
Abstract
We have seen a few challenges for the current payload format. And it is time to design a new one.
Background
Basic Ideas
Version Indicating
The public key payload should be accompanied with a leading version indicator.
Emoji Flexibility
The detection of payload should no longer rely on
.split('🔒')or certainty of string payload length, but should prefer.match(/(\d+):([\dA-Za-z\/\+]+=*)/g).Detection shall not rely on external payload.
Structure of Internal Payload
Magic Header
The magic header is
31AB24, which will becomeMaskafter Base64 encoding.Version Indicator
Starting from
0x01.Actual Public Key
33-byte compressed SECP256K1 public key. Trailing padding characters should be removed.
Checksum
Append one checksum byte. Calculate the SHA-256 hash of all bytes afore as 𝐇 (a sequence of 256 bits), and get
𝐇.slice(8, 16)as the checksum byte.Structure of External Payload
We make network-specific external payloads.
🔒${ internal_payload }🔒🎭${ internal_payload }🎭Example
31AB24 01 ED3A2ECE8013ED335741C1D7A78C0C32546C3D56FCFDE0348A3288D89B5D5BFB45 7C🔒MaskAe06Ls6AE+0zV0HB16eMDDJUbD1W/P3gNIoyiNibXVv7RXw🔒 (length: 51+2)
🔒꼚뜤갞뤺껬몀괾뤳녴귁륺뎌곃깔닃륖믏맠꽈똲뒍뒛뇕럻끗렀🔒 (length: 26+2)
🔒儚夤丞嬺僬岀伾嬳却俁孺喌仃偔哃孖巏寠先堲嚍嚛叕姻剗娀🔒 (length: 26+2)
The text was updated successfully, but these errors were encountered: