You are reading content from Scuttlebutt
@aljoscha %0XQVRvvpbPl1nBBVPDgVrAB4zWmVTnh8CfZqlpWvJC8=.sha256
Re: %Pnas64BJ6

@arj

For bulk validation I decided to go with the solution Dominic mentioned by just validating the signature of the last message.

Just because it hasn't been mentioned yet in this thread: what happens if I start appending to another person's log? That gives me a valid hash chain in which every message is correctly signed by its author, it's just that authorship changes halfway through the log.

Do you perform checks for detecting this case? Which behavior do you recommend/mandate for implementations when this case occurs? Is there even a slight possibility of clients receiving entries from a log like this and doing all sorts of undesirable things because one of the core contracts they expect a log to uphold has been broken, for example, displaying messages from the old log under the name of the author of the new suffix, or having a sudden switch of authorship in their timeline view?

You can still easily (and quickly, compared to signature validation) verify that all messages have the same author, but that should be specified somewhere.

Nitpicking on the spec:

Status: In review

By whom? For how long? Under which criteria? Don't tease the poor reader like that.

The verification section is only local to each message. It should at the very least link to the specification for log verification (valid hash chain, single-author, etc). Which exists, right? =P

Join Scuttlebutt now