Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Comments

Documentation of Version 1 asset contracts (CBOR) format#897

Open
gwillen wants to merge 2 commits intoElementsProject:master from
gwillen:feature-asset-contract-cbor
Open

Documentation of Version 1 asset contracts (CBOR) format #897
gwillen wants to merge 2 commits intoElementsProject:master from
gwillen:feature-asset-contract-cbor

Conversation

@gwillen
Copy link
Contributor

@gwillen gwillen commented Aug 3, 2020

This document describes:

  • A brief history of Elements asset contracts
  • A new format for user-supplied asset contracts, based on the RFC 7049 CBOR standard
  • Some other tools and interfaces for dealing with assets and asset contracts

Left for another document which will come separately:

  • Changes to the way asset values are handled in the Elements RPC interface, to
    cleanly handle assets with different levels of precision (i.e., number of digits after the
    decimal point)

louisinger and Janaka-Steph reacted with rocket emoji
Copy link
Contributor

ACK 63f7056

Copy link
Contributor

ACK

* (The field names `"precision"`, `"ticker"`, and `"entity"` are reserved for backwards compatibility, and may not be used.)
* `"name"`, a string containing ASCII characters, length 1 to 255 (inclusive)
* `"issuer_pubkey"`, a byte-string containing a secp256k1 public key in compressed form.
* `"domain"`, a domain name belonging to the issuer
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe also specify how the accompanying real-world contract can be found on this domain, with the hash of the text of this real-world contract to be used as 'contract hash' in the issuance ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This way wallets will be able to locate the real-world contract governing the off-chain conditions, verify that it is indeed referenced in the issuance, and display the contract to the user

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We mention the use of the 'domain' field a bit later under 'Registry rules' -- it's only used to prove the identity of the asset issuer. The use of "contract" here is not referring to a legal contract, but just to this structure with the parameters of the asset in it. (There is some discussion below of how these "contracts" are distributed.)

If the issuer wanted to add a reference to some other document, they would do that by adding another field, but it would be up to them to define the meaning of it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not define the standard way to do this, especially if there is a need to pull some file from that domain to prove the identity of the issuer ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and if standard way is defined, then there's no need for adding another field

Registry rules:
* A registry may impose additional restrictions on contracts, beyond those described above.
* In particular: The Liquid Asset Registry requires the `name`, `issuer_pubkey`, and `domain` fields to be present, and the `domain` field must be controlled by the issuer, which must be proven by the existence of a specific file served over https from that domain.
* The domain validation rule helps protect registry users against assets which are intended to spoof other assets.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the domain validation rule exactly ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added more info!

* Some additional restrictions are imposed on the CBOR data, for security, ease of parsing, and (limited) JSON compatibility:
* The CBOR must be "well-formed" and "valid", and decoding must be done in "strict mode" if possible, as defined in RFC 7049:
* Maps MUST NOT have duplicate keys.
* Strings MUST be valid UTF-8.
Copy link
Contributor

@jgriffiths jgriffiths Feb 25, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Domain names should be ASCII, punycode etc to mitigate https://en.wikipedia.org/wiki/IDN_homograph_attack

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@jgriffiths jgriffiths jgriffiths left review comments

@dgpv dgpv dgpv left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AltStyle によって変換されたページ (->オリジナル) /