Stabilize message signing for unknown links
We currently support message signing and validation for unknown links under the unstable
feature flags.
The current implementation "smells" bad. We must at least cover it with tests to prove it works as expected. If it behaves correctly for all desired cases, we may consider this a documentation issue.
Use cases:
- Restrict unknown links (as now,
Strict
) - Validate all unknown links using the main key, but keep them untouched (
Sign
). - Validate all unknown links using the main key and sign them using their own link
ID
and the main key (ReSign
). - Do not touch unknown links regardless of the settings (
Proxy
). This should be overridden with aStrict
general rule. - Strip signing information for messages with unknown links (
Strip
). Stil, frames should be validated forSign
andReSign
main strategies (Strict
will simply reject them).
Observing these use cases, it looks like we still can use SignStrategy
as we do it now. It's just become slightly unintuitive and hard
to document properly.
There is one caveat we need to think about. Does it makes sense to add something like StripValid
strategy, when messsage signing information will be first validated, but then stripped?
Edited by Mykhailo Ziatin