ivicaa

Reputation: 625

Who exactly issues the confidential identity in Corda?

How is the X.509 certificate for a confidential identity signed? Does the node sign it with its node certificate? Or is it signed with the node's well-known signing identity?

How is it avoided that the certification chain cannot be followed back from the signature created by the confidential signing identity? For instance, in the cash use case where historic states back to the issuer have to be presented in order to be able to validate cash transactions.

Upvotes: 1

Views: 563

Answers (1)

Joel

Reputation: 23210

The node's well-known identity issues and signs certificates for each one of its confidential identities.

It only shares the certificate chain linking a confidential identity back to its well-known identity on a need-to-know basis.

If a node inspects a transaction chain where a confidential identity has been used for which they have not received the certificate chain, the node will simply see an anonymous public key that they cannot link to a well-known identity.

Upvotes: 2
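The behaviour described in the answer, as an added example that is not part of the original post: a flow that issues a confidential identity and shows when an anonymous key can and cannot be resolved. The flow name is hypothetical, the calls are assumed to be those of the Corda 4 core API, and a locally generated key stands in for a confidential identity whose certificate chain was never shared with this node.

```kotlin
import co.paralleluniverse.fibers.Suspendable
import net.corda.core.crypto.generateKeyPair
import net.corda.core.flows.FlowLogic
import net.corda.core.flows.StartableByRPC
import net.corda.core.identity.AnonymousParty

// Hypothetical flow name; the service calls are assumed to be Corda 4 core API.
@StartableByRPC
class ConfidentialIdentityDemoFlow : FlowLogic<String>() {
    @Suspendable
    override fun call(): String {
        // This node's well-known identity together with its certificate path.
        val wellKnown = serviceHub.myInfo.legalIdentitiesAndCerts.first()

        // Fresh key pair plus a certificate for it, issued under the well-known identity.
        val confidential = serviceHub.keyManagementService.freshKeyAndCert(wellKnown, false)

        // Path is ordered leaf first: [0] is the confidential identity's certificate,
        // [1] is the certificate that issued it.
        val path = confidential.certPath.certificates
        val issuedByWellKnown = path[1] == wellKnown.certificate

        // States and transactions carry only the key, never the certificate path.
        val onLedger = confidential.party.anonymise()

        // This node holds the path, so the key resolves to a well-known Party.
        val known = serviceHub.identityService.wellKnownPartyFromAnonymous(onLedger)

        // Stand-in for a key whose path was never shared with this node.
        val stranger = AnonymousParty(generateKeyPair().public)
        val unknown = serviceHub.identityService.wellKnownPartyFromAnonymous(stranger)

        // A counterparty that is given `confidential` would call
        // identityService.verifyAndRegisterIdentity(confidential) to gain the mapping.
        return "issuedByWellKnown=$issuedByWellKnown known=${known?.name} unknown=$unknown"
    }
}
```

On a node that has not registered the certificate path, the same lookup on `onLedger` returns `null`, which is the "anonymous public key" case from the answer.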
