Question regarding the signature #50

@chaodhib

Hi,

The spec mentions 3 endpoints: discovery, status and requests (the endpoint to submit a new DSR). Then there is the callback coming from the data processor to the data controller.

The requests and status endpoints both provide a header X-OpenDSR-Signature in the response. My questions are:

  • What is the purpose of that signature in the response of these 2 endpoints? Is it about accountability/auditing purposes?

    • I would assume that preventing a MITM attack would be done by other means (during the TLS handshake, checking that the certificate provided by the data processor is valid, signed by a trusted CA & that the domain matches). Is that correct?
  • Should the controller validate those signatures (the same way it should validate the signature in the callback)? This is unclear in the spec as far as I am aware.

Thank you!
