
Re: [Gnu-arch-users] one more feature needed for signing


From: Jason McCarty
Subject: Re: [Gnu-arch-users] one more feature needed for signing
Date: Sat, 13 Dec 2003 17:22:59 -0500
User-agent: Mutt/1.5.4i

Tom Lord wrote:
>    A simple fix is:
> 
>       i) when creating a revision directory, create and store
>            an additional file containing the lines:
> 
>               <fully-qualified revision name>
>                 <hash of CONTINUATION, if present>
>                 <hash of changeset, if present>
>                 <hash of full-text, if present>
>                 <hash of log>
> 
>            and sign that.
> 
>       ii) when creating an archive-cached revision, create
>             and store an additional file containing the lines:
> 
>               <fully-qualified revision name>
>                 <hash of archive-cached tar bundle>
> 
>             and sign that.

It seems to me that this scheme would remove the need to sign each file
individually, while being just as strong security-wise. For archive
verification purposes, it's probably not necessary to sign cachedrevs,
since they can be regenerated at will. But it's a good idea to do so
anyway, for future versions of "tla get" that know about signatures.

>       iii) supplement the signature checker with a tool that
>              verifies the contents of those files:  both that
>              the hashes are correct and that the fully-qualified
>              revision name is the right one.

And indeed, I think this tool would be sufficient without the other
signatures.

Jason
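
The checker from step iii, sketched as an added example; it is not code from this thread or from tla. It assumes SHA-256, a manifest of `<file name> <hex digest>` lines under the revision name, hypothetical file names `changeset`, `full-text` and `log`, and a signature on the manifest that has already been verified.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def file_hash(path):
    """SHA-256 hex digest of a file (the hash algorithm is an assumption)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_manifest(revision, rev_dir, names):
    """Revision name first, then one 'name digest' line per file that is present."""
    lines = [revision]
    for name in names:
        path = os.path.join(rev_dir, name)
        if os.path.isfile(path):
            lines.append(f"  {name} {file_hash(path)}")
    return "\n".join(lines) + "\n"

def check_manifest(manifest, expected_revision, rev_dir):
    """Return a list of problems; an empty list means the directory matches."""
    lines = manifest.splitlines()
    if not lines or lines[0].strip() != expected_revision:
        return ["manifest names a different revision"]
    problems, listed = [], set()
    for line in lines[1:]:
        name, _, digest = line.strip().partition(" ")
        listed.add(name)
        path = os.path.join(rev_dir, name)
        if os.path.basename(name) != name or not os.path.isfile(path):
            problems.append(f"missing or invalid entry: {name}")
        elif file_hash(path) != digest:
            problems.append(f"hash mismatch: {name}")
    # A file the manifest does not list is not covered by the signature.
    for name in sorted(set(os.listdir(rev_dir)) - listed):
        problems.append(f"file not covered by manifest: {name}")
    return problems

def demo():
    """Constructed revision directory: intact, checked as another revision, edited."""
    rev = "jane@example.com--2003/proj--main--1.0--patch-3"  # constructed name
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("log", b"Summary: fix\n"), ("changeset", b"diff data")):
            Path(d, name).write_bytes(data)
        m = build_manifest(rev, d, ["CONTINUATION", "changeset", "full-text", "log"])
        intact = check_manifest(m, rev, d)
        moved = check_manifest(m, rev.replace("patch-3", "patch-4"), d)
        Path(d, "log").write_bytes(b"edited after signing")
        edited = check_manifest(m, rev, d)
    return intact, moved, edited
```

The second check shows why the revision name is part of the signed file: a validly signed manifest presented under a different revision is rejected even though every hash still matches.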



