docs(specs): D-1 Acceptance-Gate architecture brief (design-only) #128
Merged
added 3 commits June 2, 2026 19:39
Scope: AAE draft-04 §5 Step 1 (signature verify + signing-authority) + Step 2 (payload/schema/cty). Decisions: #1 JWS-wrapped VC submit-contract (extract blocks from verified payload; component-1 API/raw_canonical impact named); #2 did:web + did:moltrust launch (did:key follow-on); #3 resolve-and-verify with trust-tiering (trusted vs unverified_issuer, no hard-allowlist); #4 scope = steps 1+2 only (step 4 subject-binding + step 9 delegation = follow-ons). PyJWT 2.12.1 (no new dep). Canonicalization clarity: D-1 verifies JOSE-JWS bytes, not JCS raw_canonical. Open sign-off: DID-resolution depth/SSRF/caching, raw_canonical redefinition, trust-tier persistence.
1) DID-resolution SSRF/DoS = same egress-proxy as revocation_check (no new mitigation); did:web gated on proxy, D-1 LAUNCHES did:moltrust-only (no outbound, not proxy-gated). 2) raw_canonical = JWS-payload (trigger structurally unchanged); breaking submit-contract change, only smoke-rows affected. 3) trust-tier = new additive column issuer_trust_tier (trusted/unverified_issuer, analog value_source). 4) did:web VM-dereferencing = new layer (resolver gives raw DID-doc only). Phased launch: A did:moltrust-only now, B did:web when egress-proxy live.
…(design-only) alg-confusion (explicit algorithms=[EdDSA] allowlist, never trust header alg); kid strict DID-URL validation + path-traversal/look-alike protection; canonicalization = exact b64url-decoded payload bytes (never re-serialize); submit rate-limit + per-issuer quota (PK already blocks exact replays); did:moltrust registry SPOF -> key rotation; JSON duplicate-keys reject via object_pairs_hook. Implementation contract, not architecture change.
MoltyCel added a commit that referenced this pull request Jun 3, 2026
…#129)
* feat(d3): D-1 Acceptance-Gate Phase A (did:moltrust JWS verification)
  acceptance_gate.verify_aae_jws: AAE draft-04 §5 Step1+2 (signature+signing-authority+payload/schema/cty), fail-closed. Hardened: explicit algorithms=[EdDSA] allowlist (no header-alg trust), strict kid DID-URL parsing (path-traversal/look-alike), raw_canonical = exact b64url-decoded payload bytes (never re-serialize), object_pairs_hook duplicate-key reject. did:moltrust resolved via agents.public_key_hex (assertionMethod {did}#key-1); did:web = Phase B NotImplemented. Migration 013 issuer_trust_tier (additive). aae_submit -> {aae_jws} contract, verify before persist, rate-limit. persist_envelope takes raw_canonical bytes + issuer_trust_tier. Removed old split-field test_aae_endpoint.py. Per brief #128. Code+migration+CI only — NOT applied to live.
* fix(d3): D-1 code-review folds — JWS size-caps + explicit verify option (design-only)
  verify_aae_jws: DoS size-caps (JWS<=16KB, payload-b64url<=11000 ~8KB) BEFORE base64-decode/parse/verify; explicit options={verify_signature:True} on PyJWS decode (no library-default trust); pass validated kid var (not header[kid] re-access). Scope-note: temporal exp/nbf = Evaluator (Component 2, §5 Step 3), by-design not D-1. Crypto core was review-validated; these are peripheral hardenings.
---------
Co-authored-by: Lars Kroehl <kersten.kroehl@cryptokri.ch>
D-1 Acceptance-Gate: architecture brief, DESIGN-only. Closes the gap: component 1 STORES issuer_did/envelope_signature but never verifies them. References ADR-D3-v3 (D-1) + AAE draft-04 §5. NOT CEP-gated (can be built independently).
Scope
AAE draft-04 §5 Step 1 (signature verification + signing-authority) + Step 2 (payload/schema/cty:"aae+json"), submit-time. Step 4 (subject-binding challenge) + Step 9 (delegation) = explicit follow-ons.
Decisions made
{aae_jws}); raw_canonical = JWS-payload (no longer server-built). API/persist impact on component 1 named.
Detail + clarity
PyJWT 2.12.1 PyJWS (no new dep). Step 1: kid→signing-DID→resolve→VM-deref (present/assertionMethod/OKP-Ed25519/sig-valid), alg=EdDSA, signing-DID==issuer. Step 2: cty:aae+json, full VC schema. Canonicalization: D-1 verifies JOSE-JWS bytes (what the issuer signed), NOT JCS raw_canonical; 3 schemes in the system explicitly documented.
Open sign-off points
DID-resolution depth/SSRF/caching; raw_canonical redefinition + aae_ref trigger; trust-tier column in aae_envelopes; did:web VM-dereferencing depth.
Next step
Sign-off → ai_review SECURITY (external signature verification = classic bug location) → code component by component.
🤖 Generated with Claude Code
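
The structural checks named in the commit messages above (size caps before decoding, pinned alg and cty, strict kid parsing, duplicate-key rejection, payload bytes kept exactly as decoded), as an added example that is not the project's acceptance_gate code. The did:moltrust identifier pattern, the function names and the unsigned sample token are assumptions; the Ed25519 signature check via PyJWS with an explicit `algorithms=["EdDSA"]` list runs after this step and is not shown.

```python
import base64
import json
import re

MAX_JWS_BYTES = 16 * 1024       # page: JWS <= 16KB
MAX_PAYLOAD_B64 = 11000         # page: payload-b64url <= 11000 (~8KB)
# Assumed identifier syntax; only the "#key-1" fragment comes from the page.
KID_RE = re.compile(r"did:moltrust:[a-z0-9]{1,64}#key-1")
B64URL_RE = re.compile(r"[A-Za-z0-9_-]+")

def reject_duplicate_keys(pairs):
    """object_pairs_hook: a repeated key is an error, not last-one-wins."""
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise ValueError(f"duplicate JSON key {key!r}")
        obj[key] = value
    return obj

def b64url_decode(segment: str) -> bytes:
    if not B64URL_RE.fullmatch(segment):
        raise ValueError("segment is not unpadded base64url")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def pre_verify(aae_jws: str):
    """Return (kid, raw_canonical, claims); raises ValueError when a check fails."""
    # Size caps come first, before any decoding or parsing work is done.
    if len(aae_jws) > MAX_JWS_BYTES:
        raise ValueError("JWS too large")
    parts = aae_jws.split(".")
    if len(parts) != 3 or len(parts[1]) > MAX_PAYLOAD_B64:
        raise ValueError("not a compact JWS within the payload cap")
    header = json.loads(b64url_decode(parts[0]), object_pairs_hook=reject_duplicate_keys)
    if not isinstance(header, dict) or header.get("alg") != "EdDSA":
        raise ValueError("alg must be EdDSA")
    if header.get("cty") != "aae+json":
        raise ValueError("cty must be aae+json")
    kid = header.get("kid")
    if not isinstance(kid, str) or not KID_RE.fullmatch(kid):
        raise ValueError("kid is not a strict did:moltrust DID URL")
    raw_canonical = b64url_decode(parts[1])   # kept byte-for-byte, never re-serialized
    claims = json.loads(raw_canonical, object_pairs_hook=reject_duplicate_keys)
    return kid, raw_canonical, claims

def make_sample(header: str, payload: str) -> str:
    """Constructed, unsigned sample token (dummy signature segment)."""
    enc = lambda s: base64.urlsafe_b64encode(s.encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(payload)}.c2ln"
```

The returned `raw_canonical` is what gets persisted and what the signature covers; `claims` is only a parsed view of it.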