Comments (2)
The rationale for the current format is that it is binary safe and easy to parse correctly. If I remember correctly, a similar protocol is used by Git internally (and the framing is similar to what we do in BusyBee, although that is not ascii-visible).
I limited fields to ~64K because that information should be more than sufficient to encode any information into a caveat. If it is a third party caveat that contains information that will not fit, it should be provided to the third party in advance and provided a smaller identifier. Alternatively, it could be broken down into multiple third party caveats. Overall, having a fixed size significantly reduces the risk of bugs stemming from arbitrary sizes, and provides ample space for caveats. If there's a concrete example of something that requires more space, I'd be happy to reconsider the space restriction. I could not think of one that wasn't contrived.
Caveats start with a CID packet and then contain at most one VID or CL packet afterwards. It would be easy to future proof the implementation to discard extra packets, but this feels wrong to me. I cannot think of a field type that would be added that couldn't be contained within the location field. I feel pretty safe with just the fields from the paper, because Google is using macaroons internally and did not describe additional fields in their paper. I have no insight into their implementation, but I do believe it follows from the paper.
I'll leave this issue open for further discussion. In my mind, any changes should (ideally) preserve the same level of simplicity, improve robustness, and be outright rejected by the existing parser unless totally compatible with the existing parser.
from libmacaroons.
Merged.
from libmacaroons.
Related Issues (20)
- Seemingly contradictory readme HOT 2
- Cant Build from source HOT 1
- macaroon_deserialize_json is not declared in macaroons.h HOT 2
- serialization produces invalid base64 HOT 4
- macaroon_hash2 has unexpected implementation HOT 3
- pyx function signature error HOT 1
- Leftovers in Go Bindings HOT 1
- Building libmacaroons on OS X HOT 3
- how does it work? HOT 7
- Cookies are different from session IDs HOT 4
- No installation documentation + Linux installation problems HOT 6
- syntax error in VERSION script HOT 2
- third party caveats produce invalid JSON when serialized HOT 1
- python bindings: produce better error when format not recognized HOT 1
- first party caveats are not always checked by verifier HOT 4
- version 1 JSON serialization not supported
- Version 0.4.0 roadmap? HOT 2
- Add pip installation instructions to the README
- Potential undersized buffer
- pkg-config is required HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libmacaroons.