[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] RFC: arch protocol, smart server, and tla implement
|
From: |
Tom Lord |
|
Subject: |
Re: [Gnu-arch-users] RFC: arch protocol, smart server, and tla implementation prototypes |
|
Date: |
Sun, 1 Feb 2004 12:27:42 -0800 (PST) |
> From: Colin Walters <address@hidden>
> In practice though, I think what the signatures are really
> useful for is verifying an entire archive after a system
> compromise.
And for detecting a system compromise.
One idea is to add signing to the wire protocol to give servers the
option of stashing away a conventional dumb-fs copy of the archive,
even if it mostly uses an alternative format for most of its work.
You can draw on the dumb-fs copy to answer some requests very
efficiently.
You can verify the dumb-fs copy and rebuild the alternative from it to
recover from or detect compromises.
> Just securing the download against MITM attacks could also be
> done with strong authentication; for example, https or ssh. If
> you have that, then you could presume the server hasn't been
> compromised, and just not verify signatures.
I think it would be neat to have a smart-server that also had a
dumb-fs interface. (Not that this is a priority, or anything.)
-t
- Re: [Gnu-arch-users] RFC: arch protocol, smart server, and tla implementation prototypes, Sylvain Defresne, 2004/02/01
- Re: [Gnu-arch-users] RFC: arch protocol, smart server, and tla implementation prototypes, Colin Walters, 2004/02/01
- Re: [Gnu-arch-users] RFC: arch protocol, smart server, and tla implementation prototypes,
Tom Lord <=
- Re: [Gnu-arch-users] RFC: arch protocol, smart server, and tla implementation prototypes, Tom Lord, 2004/02/01