Attestation.jar Heroku based validation service #260
Comments
jot2re
added
the
Security
|
I agree but what is this with Heroku? Clarify, did @oleggrib already set up the service using Heroku? |
|
Currently not all security verifications are implemented in the Authenticator. Furthermore, it is not as extensively negatively tested as attestation.jar. So I think we either need to use attestation.jar as the backend verification or we need to make sure all security fixes are up-to-date (in accordance with attestation.jar) on Authenticator. |
I was busy with more urgent tasks for La-Praerie and devconnect and still didnt enable validation for heroku. At my morning I will work on it. Its a quick task. |
|
@nicktaras , @micwallace , you can use https://crypto-verify.herokuapp.com/ to validate ticket+emailAttestation+proof, its request script example: https://github.com/oleggrib/crypto-verify/blob/main/src/request.js |
Currently the the crypto-verify service is based on Authenticator. However, attestation.jar is the primarily reference implementation of the construction and validation of cryptographic aspects. In particular since it is throughly tested with negative tests and since it is the implementation that receives security updates first, it makes sense to use this as the remote verification service.
The text was updated successfully, but these errors were encountered: