Add mechanism to verify metadata independently. #28
Comments
|
@Slesarew Could you please explain more about verifier certificate? What is general certificate and how is it generated and used? |
|
Verifier certificate is just an asymmetric key that is used to sign metadata as proof of generated update authorship. Currently, it is any of Substrate-supported keypairs. These could be generated normally, using General verifier is just the first certificate accepted by Signer - it comes with pre-installed certificate from Parity, but could be replaced with any other (this is encouraged really so that we stay distributed). It gives slightly more flexibility to the user, effectively reflecting higher trust level to the issuer compared to other certificates. See here for more detailed explanations https://github.com/varovainen/parity-signer/blob/2022-05-25-uos/docs/src/development/UOS.md#verifiers - this will be merged to master soon and appear in Signer docs, so the link might break sooner than later. |
Now that we have metadata published and other developers can deploy forks and mirrors of this portal, we should start building usable infrastructure for verifying metadata validity. We currently use some development tools for this on metadata updates, but we should make metadata verification easily accessible for everyone even if they are not subscribed to our verifier certificate.
Thus, we should:
[ ] Add metadata hash to update screen
[ ] Add metadata hash identicon to update screen (it's just normal polkadot identicon build on metadata hash - it's 2 hashed in a row, sacrifice elegance for modularity)
[ ] Make some tool(s?) users can use to query metadata hash through rpc calls locally or from web
[ ] Add same information (and tools?) to popular places like polkadot-js website
The text was updated successfully, but these errors were encountered: