commit 5dce942b3e8506deda2413cf0f9633d6e2d3dec1
parent 2515a955d5de7805cd6b33cb3880dc377905fd82
Author: Christian Grothoff <christian@grothoff.org>
Date: Wed, 22 Apr 2026 22:44:38 +0200
clarify encodings used
Diffstat:
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/design-documents/076-paywall-proxy.rst b/design-documents/076-paywall-proxy.rst
@@ -48,11 +48,12 @@ Steps:
this client IP address and ``{website}`` at this time.
The *Paivana Cookie* is computed as:
- ``cur_time || '-' || H(website || client_ip || paivana_server_secret || cur_time)``.
+ ``cur_time || '-' || crock32(SHA512(website || client_ip || paivana_server_secret || cur_time))``.
where ``cur_time`` in the prefix is the current time in seconds
(to keep it short) while in the hash it is usually binary GNUnet
timestamp in network byte order.
+ ``crock32`` is GNUnet's Crockford-inspired base32 encoding.
* If such a cookie is set and valid, the request is
reverse-proxied to upstream. *Stop.*
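Review bot: the hash inputs are still not pinned down in the cookie formula, even though the hash function and output encoding now are. The context line says ``cur_time`` inside the hash is "usually binary GNUnet timestamp in network byte order", and "usually" leaves the verifier's encoding open. ``client_ip`` has no stated representation (textual or binary address), and ``website`` and ``client_ip`` are variable-length fields concatenated with no delimiter or length prefix, so field boundaries are ambiguous. Suggest making the timestamp encoding normative, stating the ``client_ip`` form, and either length-prefixing the fields or separating them with a byte that cannot occur in them. Since ``paivana_server_secret`` is a key, it may also be worth saying why plain ``SHA512`` over a concatenation was chosen rather than a keyed MAC. Minor: the new ``crock32`` sentence follows the "where ..." clause as a separate fragment; starting it with "Here," as the second hunk does would read better.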
@@ -67,8 +68,10 @@ Steps:
since the Epoch and the current URL (``{website}``) plus some
freshly generated entropy (``{nonce}``):
- ``paivana_id := cur_time || '-' || H(nonce || website || cur_time)``.
+ ``paivana_id := cur_time || '-' || b64url(SHA256(nonce || website || cur_time))``.
+ Here ``b64url`` is the RFC 7515 base64 URL encoder, used to keep
+ the result short (same reason for the use of SHA-256).
The same computation could also easily be done by a non-JS client
that processes the ``Paivana`` HTTP header (or a GNU Taler wallet
running as a Web extension).
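Review bot: the encoding of ``cur_time`` and ``nonce`` inside ``SHA256(nonce || website || cur_time)`` is not stated, and the context lines say a non-JS client or wallet should be able to repeat the computation. The cookie formula above documents a binary timestamp inside the hash and decimal seconds in the prefix; this formula should say which of the two applies here, and whether ``nonce`` is hashed as raw bytes or in an encoded form. It would also help to state explicitly that ``b64url`` output carries no trailing ``=`` padding, as RFC 7515 specifies, since the text gives shortness as the reason for the choice. The parenthetical "(same reason for the use of SHA-256)" is terse; something like "SHA-256 is used instead of SHA-512 for the same reason" would be clearer.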