This commit adds `%tend` `%germ` and `%snip` to the notes that gall can
pass. `%tend` is analogous to `%grow`, except with a security group defined
by .coop.
### The coop system
A `$coop` is a path, which defines a security context for the portion of
the namespace that it prefixes. Each `$coop` receives a symmetric key,
which is used to encrypt requests and responses for any key-value pair
belonging to a coop.
### Network overview
This design requires a single handshake over ames to inform clients what
key is to be used. However, this handshake can be made less frequent by
including all paths underneath the `%coop` in the response, such that if
the user is requesting sibling paths under the same `%coop`, only one
handshake is required.
### Naming
I am utterly detached to all new names introduced, just trying to get
something down
### API Design
The most contentious part of this proposal will likely be the split
between `%grow` and `%tend`. I assert (rather weakly mind you) that this
is more ergonomic for the end user, although there's a strong argument
to be made that `%grow` should just take a `(unit coop)`. If this were
the case, however, it would muddy the semantics. If the value is
encrypted, then the ship,desk,case will be in the coop, else it will be
specified in the path. Worth noting that specifying the
`%coop` and the rest of the path seperately seems like it could be
unintuitive because the path that it will be bound to is actually
`(welp coop path)`
The lifecycles for coops seem straightforward, although worth revisiting
the invariants it maintains, and how it handles those invariants. A list of such:
- No nesting (obviously good)
- Crashing on binding publically into a private coop (crashing is bad,
do we want to deliver a notification? (See footnote 1))
- Crashing on binding into a coop that doesn't exist (same notes as above)
### Key generation
Current implementation is obviously stupid, how should i do it?
### Footnotes
1. Why are the remote scry datastructures notes and not gifts? Forgive
me being out of the loop, but we don't actually use the wire for
anything anywhere, and remote scry is giving gift anyway.
2. It's so good to be back
+on-gall-response might detect the symptom of a bug, where we are
getting a %fact for a channel that has since been deleted. (Meaning that
subscription should have been cleaned up, and we shouldn't have received
the %fact.) We want to issue a %leave, but need to take care to do so
with the same identity that the subscription was opened on.
Previously, we would forcefully get the identity from the non-existent
channel, resulting in a crash. Now, we encode the identity into the wire
instead, so that we may retrieve it from there, even when the channel is
long gone.
Makes cosmetic changes to the login page of eyre. This addresses an issue with insufficient contrast between text elements and their backgrounds in dark mode.
As of RFC 5789, PATCH is a valid HTTP request method. The $method:http type,
however, did not include it.
Here, we add it to the $method:http type, so that it now includes all nine
standard HTTP methods.
