Spec: add key revocation, key distribution, size limits, replay enfor…#2

Merged
jaschadub merged 1 commit into
mainfrom
security/p3-spec
May 15, 2026
Conversation

@jaschadub
Contributor

…cement

Defense-in-depth additions (no wire-format change).

  • §4.1 model_hash now constrained to "sha256:" + hex of weights, omitted otherwise (no more signature-binding theatre on an undefined field).
  • §4.3 (new) Size limits: pin JSON ≤ 64 KiB, extra ≤ 32 entries, key ≤ 128 B, value ≤ 1 KiB, vec_dim ≤ 2^20, sig exactly 64 B.
  • §5 step 0 makes size-limit enforcement a verifier MUST before parsing; step 7 requires verifiers to MUST-check vectorpin.{record,collection,tenant}_id against caller-supplied expected values.
  • §5 adds KEY_EXPIRED, RECORD_MISMATCH, COLLECTION_MISMATCH, TENANT_MISMATCH, PARSE_ERROR to the required failure-mode taxonomy.
  • §7 split into rotation and revocation; introduces (valid_from, valid_until) registry semantics so a compromised key invalidates post-compromise pins without invalidating historical ones.
  • §10 (new) Key distribution: fingerprint format, transparency-log SHOULD, TOFU NOT RECOMMENDED, per-tenant kid separation SHOULD.
  • §9 security considerations updated to reference §4.3 DoS limits, §7 revocation window, and §5 step 7 replay enforcement.
  • §11 versioning adds an explicit downgrade-resistance argument.

Wire format unchanged; existing pins continue to verify.
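The verifier-side checks this PR adds (§4.3 size limits before parsing, the §7 (valid_from, valid_until) key window, and the §5 step 7 identifier binding) are easiest to reason about as one ordered function, so here is an added reference implementation. It is example code written for this review, not the project's own verifier, and it assumes several things the description does not pin down: the pin is a JSON object with a `vectorpin` member holding `kid`, `ts` (unix seconds), the three `*_id` fields, `vec_dim`, `model_hash` and `extra`, with a hex-encoded `sig` beside it; the failure codes `SIZE_LIMIT` and `UNKNOWN_KEY` are invented here because the description names no code for those cases; a malformed `model_hash` is reported as `PARSE_ERROR`; and the key window is half-open (`valid_from <= ts < valid_until`). Cryptographic signature verification, which the PR does not change, is left out.

```python
import json
import re
from dataclasses import dataclass
from typing import Any, Dict, Optional

# §4.3 size limits, with the values the PR description lists.
MAX_PIN_BYTES = 64 * 1024
MAX_EXTRA_ENTRIES = 32
MAX_EXTRA_KEY_BYTES = 128
MAX_EXTRA_VALUE_BYTES = 1024
MAX_VEC_DIM = 1 << 20
SIG_BYTES = 64
# §4.1: model_hash, when present, is "sha256:" + hex of the weights.
MODEL_HASH_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass
class KeyRecord:
    """Registry entry (§7): unix-second window; valid_until=None means current."""
    public_key: bytes
    valid_from: int
    valid_until: Optional[int] = None


@dataclass
class Expected:
    """Caller-supplied identifiers the pin must match (§5 step 7)."""
    record_id: str
    collection_id: str
    tenant_id: str


def verify_pin(raw: bytes, registry: Dict[str, KeyRecord], expected: Expected) -> str:
    """Return "OK" or a failure code. SIZE_LIMIT and UNKNOWN_KEY are assumed names;
    the other codes are the ones the PR adds. Signature verification is not shown."""
    # Step 0: reject oversized bodies before the JSON parser ever runs.
    if len(raw) > MAX_PIN_BYTES:
        return "SIZE_LIMIT"
    try:
        pin = json.loads(raw)
    except ValueError:
        return "PARSE_ERROR"
    vp = pin.get("vectorpin") if isinstance(pin, dict) else None
    if not isinstance(vp, dict):
        return "PARSE_ERROR"
    # Remaining §4.3 limits apply to parsed fields.
    extra = vp.get("extra", {})
    if not isinstance(extra, dict) or not all(isinstance(v, str) for v in extra.values()):
        return "PARSE_ERROR"
    if len(extra) > MAX_EXTRA_ENTRIES or any(
        len(k.encode()) > MAX_EXTRA_KEY_BYTES or len(v.encode()) > MAX_EXTRA_VALUE_BYTES
        for k, v in extra.items()
    ):
        return "SIZE_LIMIT"
    vec_dim = vp.get("vec_dim")
    if not isinstance(vec_dim, int) or isinstance(vec_dim, bool) or vec_dim < 1:
        return "PARSE_ERROR"
    if vec_dim > MAX_VEC_DIM:
        return "SIZE_LIMIT"
    try:
        sig = bytes.fromhex(pin.get("sig", ""))  # assumed: hex-encoded, top-level
    except (TypeError, ValueError):
        return "PARSE_ERROR"
    if len(sig) != SIG_BYTES:
        return "SIZE_LIMIT"
    # §4.1: model_hash is either well-formed or absent, never free-form.
    mh = vp.get("model_hash")
    if mh is not None and not (isinstance(mh, str) and MODEL_HASH_RE.match(mh)):
        return "PARSE_ERROR"
    # §7: the signing key must have been valid at the pin's timestamp, so a
    # revoked key rejects later pins while historical ones still verify.
    ts, kid = vp.get("ts"), vp.get("kid")
    if not isinstance(ts, int) or isinstance(ts, bool) or not isinstance(kid, str):
        return "PARSE_ERROR"
    key = registry.get(kid)
    if key is None:
        return "UNKNOWN_KEY"
    if ts < key.valid_from or (key.valid_until is not None and ts >= key.valid_until):
        return "KEY_EXPIRED"
    # §5 step 7: bind the pin to the identifiers the caller expects.
    for name, want, code in (("record_id", expected.record_id, "RECORD_MISMATCH"),
                             ("collection_id", expected.collection_id, "COLLECTION_MISMATCH"),
                             ("tenant_id", expected.tenant_id, "TENANT_MISMATCH")):
        if vp.get(name) != want:
            return code
    return "OK"


# Constructed sample registry and caller context (not from the spec).
REGISTRY = {
    "tenant-a/k1": KeyRecord(b"\x00" * 32, valid_from=1_700_000_000, valid_until=1_705_000_000),
    "tenant-a/k2": KeyRecord(b"\x01" * 32, valid_from=1_705_000_000),
}
EXPECTED = Expected("rec-42", "docs", "tenant-a")


def sample_pin(**overrides: Any) -> bytes:
    """Build a well-formed constructed pin; overrides inject one defect at a time."""
    vp = {"kid": "tenant-a/k2", "ts": 1_706_000_000, "record_id": "rec-42",
          "collection_id": "docs", "tenant_id": "tenant-a", "vec_dim": 768,
          "model_hash": "sha256:" + "ab" * 32, "extra": {"source": "ingest"}}
    vp.update(overrides)
    return json.dumps({"vectorpin": vp, "sig": "00" * SIG_BYTES}).encode()
```

The check order matters: the raw length test runs before `json.loads`, which is what makes step 0 a DoS bound rather than a post-hoc validation, and the identifier comparison runs last so that a pin signed by an expired key is reported as `KEY_EXPIRED` rather than leaking which of the ids mismatched. Because `k1` carries a `valid_until`, a pin timestamped inside its window still verifies while one timestamped after it fails, which is the rotation/revocation split the description calls for.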

@jaschadub jaschadub merged commit 9f25568 into main May 15, 2026
5 checks passed
@jaschadub jaschadub deleted the security/p3-spec branch May 15, 2026 05:09

1 participant