[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-user
From: |
Karel Gardas |
Subject: |
Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch] |
Date: |
Mon, 8 Dec 2003 09:01:34 +0100 (CET) |
On Mon, 8 Dec 2003, Robert Collins wrote:
> On Mon, 2003-12-08 at 08:49, Karel Gardas wrote:
> > On Mon, 8 Dec 2003, Robert Collins wrote:
> >
> > > You basically replicate Tom's proposal, with a few key changes:
> > > 1) metadata per archive registration, not per archive.
> > > 2) the use of x509
> > > 3) keeping tla out of the TCB.
> > > 4) minor logic about whether to dumb-copy signatures or to optionally
> > > resign.
> >
> > Have you noticed hook proposal? i.e. what do you think about doing whole
> > crypto in hook script(s)?
>
> Yes, but it's got problems.
> 1) we'd have to use new hooks. Currently hooks around commit occur after
> the changeset is uploaded (race condition on signing) or before the
> changeset is created.
Right! New hooks are needed, that's true.
> 2) It doesn't allow for consistent operation on multi-user archives.
Yes, that might be problem, especially if we are going to provide some
crypto related meta date in the archive.
> Basically, I think this is something well worth doing in tla.
Yes, I agree, I'm just afraid about support for various technologies
(gpg, pgp, openssl, etc.) -- so IMHO we need extensible support.
Cheers,
Karel
--
Karel Gardas address@hidden
ObjectSecurity Ltd. http://www.objectsecurity.com
crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch], Karel Gardas, 2003/12/07
Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch], Paul Hedderly, 2003/12/09
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Florian Weimer, 2003/12/07
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/13