Change rules can be circumvented by re-registering keys on a new chain
Closed this issue · 1 comments
mjbrisebois commented
Discovered when writing the scenario for claiming unmanaged keys (see e1bd416).
Reproduction steps
- A key is registered (managed or unmanaged) on chain A
- The same key is registered again on chain B
- Chain B can revoke the key without knowing the revocation keys of chain A's change rules
Since key anchors can only contain the key bytes, there is no way to determine which chain's change rules should be enforced.
mjbrisebois commented
Will be solved in Holochain by adding key_authority
to the agent commit actions.