
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch


From: Karel Gardas
Subject: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
Date: Sun, 7 Dec 2003 22:48:21 +0100 (CET)

On Mon, 8 Dec 2003, Robert Collins wrote:

> On Mon, 2003-12-08 at 08:12, Karel Gardas wrote:
> > > `get' doesn't check signatures in this proposal.  My reasoning is that
> > > while the archive host is going to have public keys (somewhere outside
> > > of where arch itself can touch them) clients running `get' generally
> > > won't.
> >
> > Oops, either I don't understand, or if I understand, that's IMHO no
> > security at all. IMHO get _needs_ to verify signatures.
>
> The immediate goal for GPG support is to allow archive integrity checks
> post-server-compromise - see the message from RMS in Tom's post.
>
> Thus, having tla get check the signatures is orthogonal to the immediate
> goal.
>
> That said, having get check the signatures makes sense as a phase 2
> implementation.
>
> For users wanting to gpg check in phase 1, it's easy: archive-mirror to
> the local disk, with copying signatures enabled. Then run the integrity
> checking script Tom proposed.

Aha, now I understand: you are talking about support for signatures on
commit, etc. (i.e. pushing something into the archive) and avoiding any
support for signature verification when the changeset is used. Yes,
whole-archive verification is quite easy scripting work...

In fact, while thinking about the topic I came up with the reverse idea:
verify signatures on get/etc., but sign changesets manually directly in the
archive, plus a push-mirror change to push a dump-copy of the signature files.

Karel
--
Karel Gardas                  address@hidden
ObjectSecurity Ltd.           http://www.objectsecurity.com
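The thread contrasts two places a signature can be checked: a whole-archive integrity check run over a local mirror after a suspected server compromise (Robert's phase 1), and verification inside `get` itself (the phase 2 Karel wants). The following Go program is an added illustration of that distinction and is not code from tla, GNU Arch, or either author. It assumes a simplified model of an archive (a map from changeset name to bytes, with a parallel map of detached signatures that `archive-mirror` would copy alongside them), uses Ed25519 from the Go standard library in place of GPG, and uses constructed changeset names and contents; none of these are the real on-disk layout.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"sort"
)

// Archive is a constructed stand-in for a mirrored arch archive: changeset
// name -> changeset bytes, plus a parallel map of detached signatures.
// This is an assumption for the example, not tla's actual layout.
type Archive struct {
	Changesets map[string][]byte
	Signatures map[string][]byte
}

func NewArchive() *Archive {
	return &Archive{Changesets: map[string][]byte{}, Signatures: map[string][]byte{}}
}

// signedMessage binds the changeset name to its body so that a valid
// signature for one changeset cannot be transplanted onto another.
func signedMessage(name string, body []byte) []byte {
	msg := []byte(name)
	msg = append(msg, 0)
	return append(msg, body...)
}

// Commit stores a changeset and a detached signature made with the
// committer's key: the "signatures on commit" side of the proposal. The
// private key stays with the committer and is never on the archive host.
func Commit(a *Archive, name string, body []byte, priv ed25519.PrivateKey) {
	a.Changesets[name] = append([]byte(nil), body...)
	a.Signatures[name] = ed25519.Sign(priv, signedMessage(name, body))
}

// Report is the outcome of a whole-archive check.
type Report struct {
	OK       []string // signature present and verifies under the trusted key
	Bad      []string // signature present but fails: tampered body or untrusted signer
	Unsigned []string // changeset present with no signature at all
}

// Clean reports whether every changeset in the archive verified.
func (r Report) Clean() bool { return len(r.Bad) == 0 && len(r.Unsigned) == 0 }

// CheckArchive is the phase-1 integrity check run over a local mirror after
// a suspected server compromise: every changeset must carry a signature that
// verifies under a trusted public key held outside the archive.
func CheckArchive(a *Archive, trusted ed25519.PublicKey) Report {
	var r Report
	for name, body := range a.Changesets {
		sig, ok := a.Signatures[name]
		switch {
		case !ok:
			r.Unsigned = append(r.Unsigned, name)
		case ed25519.Verify(trusted, signedMessage(name, body), sig):
			r.OK = append(r.OK, name)
		default:
			r.Bad = append(r.Bad, name)
		}
	}
	sort.Strings(r.OK)
	sort.Strings(r.Bad)
	sort.Strings(r.Unsigned)
	return r
}

// Get is the phase-2 behaviour: the client fetch itself refuses a changeset
// whose signature is missing or does not verify, so a compromised archive
// host cannot hand out a modified changeset that a client would accept.
func Get(a *Archive, trusted ed25519.PublicKey, name string) ([]byte, error) {
	body, ok := a.Changesets[name]
	if !ok {
		return nil, fmt.Errorf("%s: no such changeset", name)
	}
	sig, ok := a.Signatures[name]
	if !ok {
		return nil, fmt.Errorf("%s: unsigned changeset refused", name)
	}
	if !ed25519.Verify(trusted, signedMessage(name, body), sig) {
		return nil, fmt.Errorf("%s: signature does not verify", name)
	}
	return body, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	a := NewArchive()
	Commit(a, "patch-1", []byte("constructed changeset 1"), priv)
	Commit(a, "patch-2", []byte("constructed changeset 2"), priv)
	// Simulated post-compromise damage: patch-2 edited in place, patch-3 added unsigned.
	a.Changesets["patch-2"] = []byte("constructed changeset 2, modified on the server")
	a.Changesets["patch-3"] = []byte("constructed changeset 3")
	r := CheckArchive(a, pub)
	fmt.Printf("ok=%v bad=%v unsigned=%v clean=%v\n", r.OK, r.Bad, r.Unsigned, r.Clean())
	if _, err := Get(a, pub, "patch-2"); err != nil {
		fmt.Println("get refused:", err)
	}
}
```

The two entry points share one verification routine, which is the point of the thread: phase 1 only needs `CheckArchive` plus the mirrored signature files, and phase 2 is the same check moved into `Get`. Binding the changeset name into the signed message matters in both phases, otherwise a signature copied from one changeset would validate a differently named copy of the same bytes.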
