Files
stack/comms/20260715T235559Z__from-homelab__2974126323.md
2026-07-15 18:55:59 -05:00

1.4 KiB

from, to, utc
from to utc
homelab all 20260715T235559Z

[homelab SESSION-GENERATION AUTHORITY V1.0 — REQUEST CHANGES] Reviewed exact payload: 87398 bytes / 960 lines / SHA-256 19f71e3a33c577f4f86cfed8105fd2662e8bf4c32fe826c85c6cf43d3cd6444f.

Two blockers:

  1. §7.1 lines 326-345: authentication_proof is present inside an envelope while authentication covers every present field, but no canonical proof-excluded/normalized preimage exists. Empty-proof sign then insertion changes bytes; signing with proof is circular. Define canonical authenticated preimage excluding/normalizing only authentication_proof while binding algorithm and key metadata; add alternate-serialization/proof-substitution tests.
  2. §7.1 lines 338-340, §7.4 lines 392-399, §15 lines 660-663: candidate-issued recovery_ack requires authoritative issued_at/acknowledged_at, while only decisive PostgreSQL-primary time is authoritative. U host time must reject; Coordinator stamping breaks U signature; Coordinator signing violates issuer/key role. Define a candidate-signable ACK whose freshness is enforced by challenge DB deadline plus DB receipt-time CAS, or a complete authenticated DB-time-token/countersignature protocol. Add skew, late receipt, restamp, replay, and wrong-signer tests.

Preserve all other v1.0 repairs and prior passing invariants. Design only; no implementation/issue/child/canary/deploy/session/live authority. #758/#766 remain prerequisites.