[Arx-users] "Signed" archives

From: Kevin Smith
Subject: [Arx-users] "Signed" archives
Date: Thu, 09 Dec 2004 23:50:03 -0500
I'm not yet clear on how (if?) an archive could transition from being
unsigned to being signed. If an archive is signed, then I think that has
to mean that EVERY patch and revision is signed. Otherwise, an easy
attack is to delete some of the signatures, and then modify the data
that is no longer protected.

Without thinking it through all the way, it seems like the restriction
might be even stronger: that every patch and revision would have to be
signed by a key that is (still) in the list of public keys for that
archive. Not sure about that part, though.

So as a result of that first paragraph, it seems to me that there needs
to be a way to "sign" an entire existing, unsigned archive as an atomic
transaction. Maybe that's an external utility, rather than a new command
that would only rarely be used?

Kevin
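The policy argued for above, as an added example that is not part of the post or of ArX itself: a hypothetical verify_archive() that treats a missing signature, or a signature from a key no longer in the archive's key list, as a failure, contrasted with the weaker "skip unsigned revisions" policy that lets a deleted signature hide a later edit. HMAC stands in for a real public-key signature only to keep the example stdlib-only; the archive, key list and revision names are constructed.

```python
import hashlib
import hmac

# Digest over what a revision signature is meant to protect.
def revision_digest(rev):
    return hashlib.sha256(rev["name"].encode() + b"\0" + rev["patch"]).digest()

# HMAC stands in for a real public-key signature (stdlib only); the key list
# maps a key id to its stand-in key.
def sign_revision(rev, key_id, keys):
    sig = hmac.new(keys[key_id], revision_digest(rev), "sha256").hexdigest()
    return {**rev, "sig": {"key_id": key_id, "value": sig}}

def signature_valid(rev, keys):
    sig = rev.get("sig")
    if sig is None or sig["key_id"] not in keys:
        return False  # unsigned, or signed by a key no longer in the key list
    expected = hmac.new(keys[sig["key_id"]], revision_digest(rev), "sha256").hexdigest()
    return hmac.compare_digest(expected, sig["value"])

def verify_archive(archive, keys, require_all):
    """Return names of revisions that fail verification.

    require_all=False is the weak policy: an unsigned revision is skipped, so
    deleting a signature hides any later edit.  require_all=True is the policy
    the post argues for: every revision signed by a key still in the list.
    """
    failures = []
    for rev in archive:
        if "sig" not in rev and not require_all:
            continue
        if not signature_valid(rev, keys):
            failures.append(rev["name"])
    return failures

# The problem the post describes: drop one revision's signature, then edit it.
def strip_and_edit(archive, name, new_patch):
    return [{"name": r["name"], "patch": new_patch} if r["name"] == name else r
            for r in archive]

# Constructed sample archive: three revisions, all signed by key id "kevin".
KEYS = {"kevin": b"constructed-stand-in-key"}
ARCHIVE = [sign_revision({"name": f"patch-{i}", "patch": f"change {i}".encode()},
                         "kevin", KEYS) for i in range(1, 4)]

if __name__ == "__main__":
    edited = strip_and_edit(ARCHIVE, "patch-2", b"altered change")
    print("skip-unsigned policy:", verify_archive(edited, KEYS, False))  # []
    print("all-signed policy:  ", verify_archive(edited, KEYS, True))   # ['patch-2']
```

Removing "kevin" from KEYS makes every revision fail under the strict policy, which is the second, stronger restriction the post raises.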