Admin-reserved and Prohibited Key Derivation Protocols

Ty Everett (ty@projectbabbage.com)

Abstract

We define a set of reserved protocol namespaces that can be employed by clients utilizing the BRC-43 invoice numbering scheme to be set aside for administrative and internal use by the client software itself. This enables client software to manage its own internal state without the risk that application software will utilize the same internal protocols.

Motivation

BRC-43 1 defines an open-ended way to create protocols and systems of interaction within a BRC-42 2 key derivation architecture. However, client software implementing the BRC-43 1 invoice numbering scheme needs a way to manage its own internal state, encrypt data and perform administrative tasks like permissions management without interference from applications.

With this specification, we define a list of namespaces in which applications are never allowed to derive keys, and any client that follows this specification will refuse requests made by applications to perform these operations.

Specification

We reserve the following protocol IDs for the administrative and internal use of clients, no matter the security level:

User Management
DNS Protocol Access Control
DNS Spending Authorization
DNS Basket Access Control
DNS Certificate Access Control
Any protocol ID containing babbage
Any protocol ID containing cwi

References

1: BRC-43: Security Levels, Protocol IDs, Key IDs and Counterparties
2: BRC-42: Sendover Key Derivation Scheme

PreviousSecurity Levels, Protocol IDs, Key IDs and Counterparties NextRevealing Key Linkages

Last updated 8 months ago