Re: [Arx-users] "Signed" archives
From: Kevin Smith
Subject: Re: [Arx-users] "Signed" archives
Date: Fri, 10 Dec 2004 08:53:52 -0500
On Fri, 2004-12-10 at 08:45 -0500, Walter Landry wrote:
> If an archive is signed, then ArX will verify signatures for any
> revision it gets from the archive. So if an attacker deletes some of
> the signatures, ArX will complain and fail.
(snip)
> It isn't entirely atomic, in that it does one revision at a time. So
> someone seeing the archive halfway through would see parts signed, and
> parts unsigned.
>
> Would that be good enough?
I'm not as concerned about the atomicity as I am about the (bad) notion
of a partially-signed archive. My current opinion is that a partially
signed archive is an invalid archive. If someone were to see the archive
half-way through the process, their operations should fail the moment
they encounter an unsigned patch or revision in an archive that claims
to be signed.
I think that's the same thing you said in the first paragraph above, but
am not certain. ArX should make it difficult to end up with a
partly-signed archive, and should make it moderately easy to convert a
partly-signed archive into a fully-signed archive (possibly by first
converting it to an unsigned archive?)
Kevin
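As an added illustration of the verification policy the thread argues for (not ArX's own code), the checker below walks an archive's revisions in order and aborts at the first unsigned or tampered revision whenever the archive claims to be signed, so a partially signed archive is rejected rather than partly trusted. ArX uses GPG signatures; here an HMAC over each revision's payload stands in for the signature so the example runs offline, and the `Archive`/`Revision` layout is a constructed assumption, not ArX's format.

```python
import hmac
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-in for the archive signing key (assumption: ArX would use GPG).
KEY = b"archive-signing-key"

@dataclass
class Revision:
    name: str
    payload: bytes
    signature: Optional[bytes] = None   # None models a deleted or missing signature

@dataclass
class Archive:
    claims_signed: bool                 # the archive advertises itself as signed
    revisions: list = field(default_factory=list)

def sign(payload: bytes) -> bytes:
    return hmac.new(KEY, payload, hashlib.sha256).digest()

def signature_valid(rev: Revision) -> bool:
    return rev.signature is not None and hmac.compare_digest(rev.signature, sign(rev.payload))

class UnsignedRevision(Exception):
    pass

def fetch(archive: Archive):
    """Yield revisions in order; in a signed archive the first revision whose
    signature is missing or wrong aborts the operation instead of being used."""
    for rev in archive.revisions:
        if archive.claims_signed and not signature_valid(rev):
            raise UnsignedRevision(rev.name)
        yield rev

def is_fully_signed(archive: Archive) -> bool:
    """Partially signed counts as invalid: every revision must verify."""
    return all(signature_valid(r) for r in archive.revisions)

def first_unsigned(archive: Archive) -> Optional[str]:
    """Name of the revision that blocks a fetch, or None if the archive is consistent."""
    try:
        for _ in fetch(archive):
            pass
    except UnsignedRevision as e:
        return e.args[0]
    return None

# Constructed sample: three revisions, with the middle signature removed.
ARCHIVE = Archive(claims_signed=True, revisions=[
    Revision("base-0", b"initial import", sign(b"initial import")),
    Revision("patch-1", b"fix build", None),
    Revision("patch-2", b"add docs", sign(b"add docs")),
])
```

Running `first_unsigned(ARCHIVE)` names `patch-1`, the point at which a fetch from the signed archive fails; an archive that does not claim to be signed is walked without any signature checks.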