Key server flow
Joshua Thijssen edited this page Sep 13, 2020 · 2 revisions
This should be pretty much the flow of the keyserver:
key-server:
    POST hash(john@acme-inc!)
        public-key
        server
        <authorization-signature>
        <mutate-signature>

    Does hash exist?
        Yes:
            mutate-signature present and correct?
                Yes:
                    Update account
                    return 200: update ok
                No:
                    return 401: no create without mutate-signature
        No:
            Without organisation? -- ISSUE: We only have a sha256 hash, no info if the address is part of an organisation!!!
                Yes:
                    Create account
                    return 201: creation ok
                No:
                    check authorization-signature
                    get info from organisation hash (org-@organisation!)
                    verify authorization-signature: sha256(hash + server) verify with pubkey organisation
                    Correct:
                        is server allowed?
                            no:
                                return 401: not allowed for this server
                            yes:
                                create account
                                return 201: creation ok
                    Incorrect:
                        return 401: incorrect authorization
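
The decision tree above written out in Go, as an added example that is not the project's own code. It assumes Ed25519 signatures, `+` meaning string concatenation, a mutate-signature made over the hash with the key already stored, and a hypothetical `OrgHash` request field (empty means no organisation) standing in for the unresolved ISSUE in the flow; the 400 guard is also an addition.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Org is an organisation's public key plus the servers it allows.
type Org struct{ Pub ed25519.PublicKey; Servers map[string]bool }
type KeyServer struct{ Accounts map[string]ed25519.PublicKey; Orgs map[string]Org }
type Request struct {
	Hash, Server, OrgHash string // OrgHash "" = no organisation (assumed field)
	PubKey                ed25519.PublicKey
	AuthSig, MutateSig    []byte
}

// Handle walks the decision tree and returns the status code and message.
func (k *KeyServer) Handle(r Request) (int, string) {
	if len(r.PubKey) != ed25519.PublicKeySize {
		return 400, "invalid public-key" // added guard: Verify panics on bad key sizes
	}
	if cur, ok := k.Accounts[r.Hash]; ok {
		// Assumption: mutate-signature signs the hash with the key already stored.
		if !ed25519.Verify(cur, []byte(r.Hash), r.MutateSig) {
			return 401, "no create without mutate-signature"
		}
		k.Accounts[r.Hash] = r.PubKey
		return 200, "update ok"
	}
	if r.OrgHash != "" { // organisation address: authorization-signature required
		org, ok := k.Orgs[r.OrgHash]
		digest := sha256.Sum256([]byte(r.Hash + r.Server))
		if !ok || !ed25519.Verify(org.Pub, digest[:], r.AuthSig) {
			return 401, "incorrect authorization"
		}
		if !org.Servers[r.Server] {
			return 401, "not allowed for this server"
		}
	}
	k.Accounts[r.Hash] = r.PubKey
	return 201, "creation ok"
}

func main() {
	pub, _, _ := ed25519.GenerateKey(nil)
	k := &KeyServer{Accounts: map[string]ed25519.PublicKey{}, Orgs: map[string]Org{}}
	fmt.Println(k.Handle(Request{Hash: "constructed-hash", Server: "mail.example", PubKey: pub}))
}
```

Because `OrgHash` is supplied by the client in this example, leaving it empty skips the authorization check, which is the gap the ISSUE line in the flow points at.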