fabric-private-chaincode icon indicating copy to clipboard operation
fabric-private-chaincode copied to clipboard
verified publisher icon hyperledger

Secure get_creator implementation

Open g2flyer opened this issue 5 years ago • 2 comments

Description Currently we just get the creator-name as-is from the untrusted part. To make it secure, we will have to pass the signed-proproposal to ecc which then will have to verify it and extract the creator info. As this also involves MSP validation and alike which tlcc has to do (see e.g., issue #125), this is probably best done via a RPC to TLCC.

g2flyer avatar May 14 '20 20:05 g2flyer

tabled until we have trusted ledger ...

g2flyer avatar Dec 08 '20 18:12 g2flyer

This is partially addressed with #637. We ensure that the creator identity returned by the function is indeed backed with the data from the signed transaction proposal. However, still, without the trusted ledger we cannot check the returned identity with the MSP of the channel.

mbrandenburger avatar Jan 28 '22 12:01 mbrandenburger