AntTP - Serving Autonomi data over HTTP

I wanted to link this debate here…

FWIW, I’m designing something like this into AntTP.

In v0.6.0, when you perform an API create/update (for pointers/registers), it currently just executes in the background and returns control immediately - it assumes success, but a get can be used to confirm success if needed.

However, the plan is to push these creates/updates into a queue/pool of tasks that don’t immediately get sent to the network. Instead, they will be pending signing by the creator. Once signed, they will be sent to the network.

In short, there will be a header which can be used to provide a public key associated with the operation (it can/should be different from other keys for improved security). When a new task is submitted, the user can then confirm and sign it with their private key, which will then trigger AntTP to process the task.

I expect this signing flow would be a separate app and/or browser plugin (or part of this browser extension? :thinking: ). It would list / detail the tasks and allow management over batching tasks, etc, to avoid annoying noise (confirming everything could get painful!).

It would also open the door to the client encrypting the data with said public key. The signing flow could then decrypt, validate, then sign. This would improve security and avoid man-in-the-middle attacks (at least between client and remote AntTP, which is most public, but local AntTP doesn’t suffer MITM issues).

EDIT: Note, this could also potentially support multi-sig, where multiple parties would need to sign prior to the task being executed by AntTP.

2 Likes