Surfaced during the v0.1.0 review (PR #2). Closely tied to the conformance-baseline conversation in that PR. Filing separately so we can track the crypto details independently.
specification.md §10.1 lists HMAC-SHA256 as the RECOMMENDED default with no key distribution mechanism, no rotation rule, and no per-session derivation. key_id is just an opaque resolver.
The failure mode: reference implementations and copy-paste deployments will use a single hardcoded shared secret per Guardian fleet, since that's the path of least resistance the spec endorses. One Observed Agent compromise lets the attacker mint valid HMACs for every session in the fleet. There's no revocation path, so the only remediation is fleet-wide secret rotation with no protocol-defined mechanism for it.
Proposed direction:
- Per-session HKDF-derived key from a handshake-established secret, so a single session compromise doesn't burn the whole fleet
- Defined
key_id resolution flow including a minimum rotation policy in the normative text
- Optional revocation method, could be as simple as
revoked_key_ids in subsequent handshakes
Why deferred from v0.1.0: depends on the resolution of the broader Core-baseline conversation in PR #2. If we land minimum-signing in Core, this becomes part of that work. If we don't, this lives as a SHOULD in ACS-Crypto.
References: specification.md §10.1, §10.2, request-envelope.json Signature object
Surfaced during the v0.1.0 review (PR #2). Closely tied to the conformance-baseline conversation in that PR. Filing separately so we can track the crypto details independently.
specification.md§10.1 lists HMAC-SHA256 as the RECOMMENDED default with no key distribution mechanism, no rotation rule, and no per-session derivation.key_idis just an opaque resolver.The failure mode: reference implementations and copy-paste deployments will use a single hardcoded shared secret per Guardian fleet, since that's the path of least resistance the spec endorses. One Observed Agent compromise lets the attacker mint valid HMACs for every session in the fleet. There's no revocation path, so the only remediation is fleet-wide secret rotation with no protocol-defined mechanism for it.
Proposed direction:
key_idresolution flow including a minimum rotation policy in the normative textrevoked_key_idsin subsequent handshakesWhy deferred from v0.1.0: depends on the resolution of the broader Core-baseline conversation in PR #2. If we land minimum-signing in Core, this becomes part of that work. If we don't, this lives as a SHOULD in ACS-Crypto.
References:
specification.md§10.1, §10.2,request-envelope.jsonSignature object