Skip to content

specify NR/NewsroomID #113

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: 101-setup
Choose a base branch
from
Draft

specify NR/NewsroomID #113

wants to merge 1 commit into from

Conversation

@cfm
Copy link
Member

@cfm cfm commented Oct 17, 2025

@cfm cfm added this to the v0.3 milestone Oct 17, 2025
@cfm cfm mentioned this pull request Oct 17, 2025
Merged
@cfm cfm changed the title specify NR/NewsroomID specify NR/NewsroomID Oct 17, 2025
rocodes
rocodes reviewed Nov 12, 2025
View reviewed changes
Copy link
Contributor

@rocodes rocodes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So basically, if a newsroom's key changes, its ID changes? I wonder if we should instead go the other way and have a static unchanging ID that is signed somewhere by the newsroom. The NR ID is fed into a KDF, so if a newsroom rotates their signing key, it would have to simultaneously publish 2 IDs for the message expiry period of time, or all users would have to store the old id/old signature hash to be able to decrypt messages signed when a prior NR was in use, which could be confusing.

@felixlinker
Copy link

felixlinker commented Nov 14, 2025

What about: Link to the SecureDrop instance web interface with a self-authenticating domain name (https://ieeexplore.ieee.org/document/8901582), that is a subdomain of the news organizations domain name. For example d3adb33f.nytimes.com for nytimes.com. nytimes.com links to that domain name, and nytimes.com is the newsroom ID. Very short description. Happy to elaborate if you're curious :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rocodes rocodes rocodes left review comments

Assignees

No one assigned

Labels

proposal specification

Projects

None yet

Milestone

v0.3

Development

Successfully merging this pull request may close these issues.

4 participants

@cfm @felixlinker @rocodes