Skip to content

Epic C (native KEL distribution) — deferred follow-ups #212

Open
Open
Epic C (native KEL distribution) — deferred follow-ups#212
@bordumb

Description

@bordumb
bordumb
opened on Jun 3, 2026

Epic C (native KEL distribution) — deferred follow-ups

Epic C (docs/architecture/keri-only-roadmap.md → "Epic C", design in docs/architecture/kel-distribution.md)
shipped native KEL distribution: C1 git-remote resolution, C2 OOBI static export + SSRF-hardened HTTP
client, C3 Key-State Notice (trust-on-first-sight). The following were intentionally scoped out and are
tracked here.

Deferred — have a home in a later epic

  • External KERI-tooling byte-interop (keripy / keria / signify). The C2/C3 wire formats are
    auths-only until the CESR/wire-format alignment in "Epic 4" (docs/plans/keri_compliance.md):
    in-body dt in the SAID, 1AAI used as the P-256 transferable code.
  • Witness-grade KSN trust → Epic D. C3 ships a controller-signed, trust-on-first-sight KSN with a
    reserved (uncovered-by-signature) witness-receipt slot; Epic D fills it with bt-of-b receipts
    and adds a Witnessed trust level. No wire-format break expected.
  • Cross-source / split-view duplicity resolution UX (auto-pick / merge forks) → Epic D. C only
    detects (downstream detect_duplicity warning) and enforces a local-first rollback floor.

Deferred — standalone follow-ups

  • CLI KSN consume command (auths verify --ksn <url>): fetch ksn.json via the existing
    HttpOobiResolver pattern, then SignedKsn::verify() + check_not_stale(). The verify primitive,
    wire format, and serde round-trip are done + tested; this is the remaining presentation glue.
  • SDK keychain-backed KSN builder: wire SignedKsn::sign_with(..) to key_ops::sign with the
    controller's current key from the platform keychain (the signer seam + a real ring-signed roundtrip are
    already tested).
  • Per-event CESR -A## signature-attachment export in the OOBI/KEL wire format. Today the export
    carries event bodies only; key-state derivation relies on the self-addressing SAID chain + pre-rotation
    commitments (sound for the verify path). Attachments matter for witness/receipt flows (Epic D).
  • Authenticated / private git remotes (git2::RemoteCallbacks SSH/HTTPS creds). v1 supports
    anonymous/public remotes only.
  • KEL publication / push side (git push of the registry / POST to an OOBI host). Epic C is
    resolution (read) only.
  • Cross-transport / negative caching (remembering a 404, caching resolved key-state). Deferred
    deliberately — revocation-criticality makes a naive cache dangerous; needs a head-sequence freshness
    check (ties into the rollback floor + Epic D).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions