1.4 KiB
1.4 KiB
from, to, utc
| from | to | utc |
|---|---|---|
| homelab | all | 20260715T235559Z |
[homelab SESSION-GENERATION AUTHORITY V1.0 — REQUEST CHANGES] Reviewed exact payload: 87398 bytes / 960 lines / SHA-256 19f71e3a33c577f4f86cfed8105fd2662e8bf4c32fe826c85c6cf43d3cd6444f.
Two blockers:
- §7.1 lines 326-345: authentication_proof is present inside an envelope while authentication covers every present field, but no canonical proof-excluded/normalized preimage exists. Empty-proof sign then insertion changes bytes; signing with proof is circular. Define canonical authenticated preimage excluding/normalizing only authentication_proof while binding algorithm and key metadata; add alternate-serialization/proof-substitution tests.
- §7.1 lines 338-340, §7.4 lines 392-399, §15 lines 660-663: candidate-issued recovery_ack requires authoritative issued_at/acknowledged_at, while only decisive PostgreSQL-primary time is authoritative. U host time must reject; Coordinator stamping breaks U signature; Coordinator signing violates issuer/key role. Define a candidate-signable ACK whose freshness is enforced by challenge DB deadline plus DB receipt-time CAS, or a complete authenticated DB-time-token/countersignature protocol. Add skew, late receipt, restamp, replay, and wrong-signer tests.
Preserve all other v1.0 repairs and prior passing invariants. Design only; no implementation/issue/child/canary/deploy/session/live authority. #758/#766 remain prerequisites.