• Ownerhash is not available to wrapped names due to logic misplacement in CCIP2ETH:resolve()
• Fix only possible upon re-deployment in future releases

avatar record is missing in GatewayManager()

CCIP2.eth v1 binds root permissions to the owner of the legacy domain or the owner of the wrapped domain (= ERC-1155 token). Find ways to incorporate manager into the mix and mitigate any divergences that occur in the process due to,

a) the deterministic nature of approval and record signatures, and
b) the deterministic key generation for IPNS users.

Seems like a typo in line 261 of CCIP2 Resolver

if (
           !iCCIP2ETH(this).validSignature(
                    _owner,
                    keccak256(
                        abi.encodePacked(
                            "\x19Ethereum Signed Message:\n", gateway.uintToString(bytes(_req).length), _req
                        )
                    ),
 >>>>>              _approved
                )
            ) {
                revert InvalidSignature("BAD_APPROVAL_SIG");
            }

_approved should be signature

This is alternative to on-chain approved function fully off-chain to save T2/T3 gas cost and use K2 to sign all records data once approved by owner K1.

Our current signature format for records validation :

{data: "0x<bytes4 _callbackSelector>+<abi.encode(_signer, _signature, abi.encode(_record))>"}

Add new approved type with signature from owner :

{data: "0x<bytes4 _approvedSelector>+<abi.encode(_signer, _signature, _approvedSignature, abi.encode(_record))>"}

In callback 1st we check if approved signature is from owner delegating signer key as manager,
followed by normal signature validation for records..

Adding new helper text record "approved".json with list of keys approved with full signatures.
It'll be used by records manager client to add previously approved signatures.

We don't need any validity/extradata in approval request as storage is always under IPNS keys's/ owner's.

let request = "Requesting Signature To Approve Manager Key\n\n...ENS Domain : domain.eth\nManager: 0x<Approved _K2>\n\nSigned By: 0x<owner_K1>"

Off-chain Resolver record type ../version.json mapped to recordVersions(bytes32) function from latest ENS resolver designs.

function recordVersions(bytes32 node) external view returns (uint64);

../version.json format, _version is IPNS record's internal version counter.

{
    "data" : "0x<abi.encodePacked(_callback.selector, signer, signature, abi.encode(uint64(_version++)))>",
    "version" : _version,
    "prev" : "</ipfs/ipld/hash of last version || "" for first version>"
    //.. other extradata for record
}

This should be internal task/records before final IPNS publish. it'll be handy in future clients to debug and update helper & also historical/archive feature if all old IPFS/IPLD data is still pinned out there somewhere.

I was initially thinking to dump string version number as text record, * it's helper for records manager so we can use recordsVersion to match Namewrapper/latest resolvers.