itsgoin

History

Scott Reimers 63ff5ad6eb feat(fof-layer2): CDN four-check verification on incoming FoF comments Wires the propagation-side accept rule per docs/fof-spec/layer-2-mode2-fof-comments.md. When a BlobHeaderDiffOp:: AddComment arrives for a post whose CommentPolicy.allow_comments is FriendsOfFriends, the receive path now: 1. Looks up the parent post in storage. If the post lacks fof_gating, drop (policy says FoF but no key material to verify against). 2. Calls fof::verify_fof_group_sig (which folds together: valid pub_x_index range + Ed25519 verify of group_sig against pub_post_set[pub_x_index] over the binding tuple). 3. Checks pub_post_set[pub_x_index] is NOT in fof_gating.revocation_list (initially empty; revocation diffs land in a future slice but the check is in place now). 4. Continues to the existing identity_sig verify step. Any failure → continue (drop, don't store, don't forward). This kills the bandwidth-amplification DoS that a single admitted FoF member could otherwise mount by spamming forged group_sigs. Receive-side storage of FoF comments is via the existing storage.store_comment call; the InlineComment shape carries the FoF fields (pub_x_index, group_sig, encrypted_payload) through unchanged. 139 tests pass (relay_cooldown flake is pre-existing and unrelated). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-14 14:06:34 -04:00
..
src	feat(fof-layer2): CDN four-check verification on incoming FoF comments	2026-05-14 14:06:34 -04:00
Cargo.toml	v0.6.2 release: version bump + changelog	2026-04-22 23:54:40 -04:00

Scott Reimers 63ff5ad6eb feat(fof-layer2): CDN four-check verification on incoming FoF comments

Wires the propagation-side accept rule per
docs/fof-spec/layer-2-mode2-fof-comments.md. When a BlobHeaderDiffOp::
AddComment arrives for a post whose CommentPolicy.allow_comments is
FriendsOfFriends, the receive path now:

1. Looks up the parent post in storage. If the post lacks fof_gating,
   drop (policy says FoF but no key material to verify against).
2. Calls fof::verify_fof_group_sig (which folds together: valid
   pub_x_index range + Ed25519 verify of group_sig against
   pub_post_set[pub_x_index] over the binding tuple).
3. Checks pub_post_set[pub_x_index] is NOT in fof_gating.revocation_list
   (initially empty; revocation diffs land in a future slice but the
   check is in place now).
4. Continues to the existing identity_sig verify step.

Any failure → continue (drop, don't store, don't forward). This kills
the bandwidth-amplification DoS that a single admitted FoF member
could otherwise mount by spamming forged group_sigs.

Receive-side storage of FoF comments is via the existing
storage.store_comment call; the InlineComment shape carries the FoF
fields (pub_x_index, group_sig, encrypted_payload) through unchanged.

139 tests pass (relay_cooldown flake is pre-existing and unrelated).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-14 14:06:34 -04:00

src

feat(fof-layer2): CDN four-check verification on incoming FoF comments

2026-05-14 14:06:34 -04:00

Cargo.toml

v0.6.2 release: version bump + changelog

2026-04-22 23:54:40 -04:00