gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-user

From: Karel Gardas
Subject: Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch]
Date: Sun, 7 Dec 2003 22:38:58 +0100 (CET) 
On Mon, 8 Dec 2003, Robert Collins wrote:

> On Mon, 2003-12-08 at 08:06, Karel Gardas wrote:
> > On Sun, 7 Dec 2003, Karel Gardas wrote:
> >
> > > Well, I will probably finally write my own proposal, just to not only
> > > criticize your own. :-)
> >
> > Hello,
> >
> > as promissed:
>
> You basically replicate Tom's proposal, with a few key changes:
> 1) metadata per archive registration, not per archive.
> 2) the use of x509
> 3) keeping tla out of the TCB.
> 4) minor logic about whether to dumb-copy signatures or to optionally
> resign.
>
> Now, on 2 and 3 I agree completely - as my feedback to Tom on 3 should
> show.

ACK.

> 4) I think Tom has it right here, once the magic-detection is removed -
> and Tom has indicated a command line flag is ok.

Here, I will need to read your conversation done during writing my
proposal.

> 1) I think that the archive should indicate signatures are required, and
> the key to use should be local metadata - again, already in my feedback.

Indeed! This sounds very good.

> I'd like you to look at my feedback, and see if you have further
> critiques - as Tom's design is something that we can hack on, whereas
> your's isn't - you need to get onto tla ;).

I'm going to read your replies just right now. :-)

Karel
--
Karel Gardas                  address@hidden
ObjectSecurity Ltd.           http://www.objectsecurity.com
reply via email to
[Prev in Thread] Current Thread [Next in Thread]