Attach UCANs to WNFS to prove authenticity of writes #7
Description
Current state: In practice, WNFS writes are gated on write time by each peer in comparison to what they have verified up until that point.
- This makes it impossible for newly onboarding peers who didn't have a WNFS state in advance to verify authenticity of synced state, unless the peer they're syncing with can prove root access.
- It also makes it impossible to peers to "relay"/gossip changes they've heard about a particular WNFS to other peers when they don't have permission to change these parts of WNFS.
Goal: WNFS becomes an authenticated data structure in respect to some root DID that owns it.
This is difficult for two reasons:
- UCANs are meant to expire, so old writes would become invalid after some time. One key insight here has been that UCANs of newer writes can be used as attestation that already expired UCANs have been valid, if the time bounds of these UCANs are overlapping.
- We need to be careful to leak as little metadata as possible on the private file system side.