Broken design pattern in the certificate.proto #611

robszewczyk · 2024-10-15T22:05:59Z

Problem

Version 1.4 of the DCL introduced extensions to certificate.proto :

  bool isNoc = 15;
  uint32 schemaVersion = 16;

The design pattern is short-sighted and error prone:

extending this pattern to other types of PKI would suggest additional key types are specified through boolean flags -- e.g. isVidSigner
specifying additional flags gets very problematic in cases where exactly one of the flags must be true.
consumers of the API are lulled into a false sense of security w.r.t. default cases -- even in the current design, the client deduces that the certificate comes from the DA PKI by checking isNoc == false. This scheme is destined to break backward compatibility if we introduce any additional certificate chain.

Introduce enumeration CertificateType. On day 0, that enumeration would have three values:

enum CertificateType {
    DeviceAttestationPKI = 0;
    OperationalPKI = 1;
    VIDSignerPKI = 2;
}

    CertificateType certificateType = 15;

This remains wire compatible with the previous isNoc because both bool and enums are encoded as varints.

The text was updated successfully, but these errors were encountered:

hawk248 · 2024-10-31T15:32:15Z

DCL TT : change isNoc to enum as specified here.

robszewczyk mentioned this issue Oct 31, 2024

Getting certificate information from different lists or all (follow up from #610) #612

Closed

Artemkaaas mentioned this issue Nov 2, 2024

PKI API compatibility #613

Merged

Artemkaaas added this to the v1.4: DCL 1.4 milestone Nov 11, 2024

ashcherbakov added this to DCL 1.4 Nov 21, 2024

ashcherbakov closed this as completed Nov 21, 2024