gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-user

From: Karel Gardas
Subject: Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch]
Date: Mon, 8 Dec 2003 09:01:34 +0100 (CET) 
On Mon, 8 Dec 2003, Robert Collins wrote:

> On Mon, 2003-12-08 at 08:49, Karel Gardas wrote:
> > On Mon, 8 Dec 2003, Robert Collins wrote:
> >
> > > You basically replicate Tom's proposal, with a few key changes:
> > > 1) metadata per archive registration, not per archive.
> > > 2) the use of x509
> > > 3) keeping tla out of the TCB.
> > > 4) minor logic about whether to dumb-copy signatures or to optionally
> > > resign.
> >
> > Have you noticed hook proposal? i.e. what do you think about doing whole
> > crypto in hook script(s)?
>
> Yes, but it's got problems.
> 1) we'd have to use new hooks. Currently hooks around commit occur after
> the changeset is uploaded (race condition on signing) or before the
> changeset is created.

Right! New hooks are needed, that's true.

> 2) It doesn't allow for consistent operation on multi-user archives.

Yes, that might be problem, especially if we are going to provide some
crypto related meta date in the archive.

> Basically, I think this is something well worth doing in tla.

Yes, I agree, I'm just afraid about support for various technologies
(gpg, pgp, openssl, etc.) -- so IMHO we need extensible support.

Cheers,

Karel
--
Karel Gardas                  address@hidden
ObjectSecurity Ltd.           http://www.objectsecurity.com
reply via email to
[Prev in Thread] Current Thread [Next in Thread]