authenticating DAG node authorship

[pgte]

Use case:

Two or more nodes participate in a network where each node can create several DAG nodes containing some information about operations (an append-only op log). Each one of these operations should include some authorship data that allows other participating nodes to be able to validate that this data came from said IPFS node.

Authentication mechanism:

In my idea, this authentication data on each DAG node includes the author node plus a signature of the data, signed by the node private key.

For nodes to be able to validate this data, nodes need to be able to access the node public key, even when they are offline. How could the IPFS node public key be accessible?

I'm thinking that this could be stored in the DHT, bit is there a standard and reusable way the key for each node becomes accessible?

[daviddias]

Thanks for moving this question to an issue, @pgte 👍

This is a similar situation to an IPRS record. Where you have Value + Signature + Public Key for validation. If you create a dag for these 3 values where Signature points to Value and Public Key, then the Public Key gets transferred once and it will be deduped across Records

cidRecordNode = cid({
  signature: <sig of the serialized dagNode containing the value>,
  value: { / : cidValueNode },
  pubKey: { /: cidPubKey }
})