arx-users

Re: [Arx-users] "Signed" archives


From: Kevin Smith
Subject: Re: [Arx-users] "Signed" archives
Date: Fri, 10 Dec 2004 08:53:52 -0500

On Fri, 2004-12-10 at 08:45 -0500, Walter Landry wrote:
> If an archive is signed, then ArX will verify signatures for any
> revision it gets from the archive.  So if an attacker deletes some of
> the signatures, ArX will complain and fail.

(snip)

> It isn't entirely atomic, in that it does one revision at a time.  So
> someone seeing the archive halfway through would see parts signed, and
> parts unsigned.
> 
> Would that be good enough?

I'm not as concerned about the atomicity as I am about the (bad) notion
of a partially-signed archive. My current opinion is that a partially
signed archive is an invalid archive. If someone were to see the archive
half-way through the process, their operations should fail the moment
they encounter an unsigned patch or revision in an archive that claims
to be signed.

I think that's the same thing you said in the first paragraph above, but
I am not certain. ArX should make it difficult to end up with a
partly-signed archive, and should make it moderately easy to convert a
partly-signed archive into a fully-signed archive (possibly by first
converting it to an unsigned archive?)

Kevin
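Added illustration, not code from ArX or from either poster: a small Python model of the policy discussed above. An archive that claims to be signed is checked revision by revision, and the operation fails at the first revision whose signature is missing or does not verify, so a partly-signed archive is treated as invalid rather than as "partly trustworthy". It also shows Kevin's two repair paths, stripping every signature (back to an unsigned archive) or signing the missing revisions. The archive layout, field names, sample revisions and the HMAC-SHA256 stand-in for a real public-key signature are all assumptions made for the example.

```python
import hashlib
import hmac

# Constructed stand-in for a signer's private key. A real system would use an
# asymmetric signature (per-revision detached signatures); HMAC keeps this
# example runnable with the standard library alone.
SECRET_KEY = b"constructed-demo-key"

# Constructed sample revisions (name, content); hypothetical names.
SAMPLE = [
    ("patch-1", b"initial import"),
    ("patch-2", b"fix off-by-one"),
    ("patch-3", b"add tests"),
]


class UnsignedRevision(Exception):
    """A revision in an archive that claims to be signed has no signature."""


class BadSignature(Exception):
    """A revision's signature does not match its content."""


def revision_digest(name: str, content: bytes) -> bytes:
    """What the signature covers: the revision name and its content."""
    h = hashlib.sha256()
    h.update(name.encode() + b"\0")
    h.update(content)
    return h.digest()


def sign_revision(name: str, content: bytes, key: bytes = SECRET_KEY) -> str:
    return hmac.new(key, revision_digest(name, content), hashlib.sha256).hexdigest()


def make_archive(signed: bool, revisions, key: bytes = SECRET_KEY) -> dict:
    """Build a hypothetical archive: a 'signed' flag plus ordered revisions."""
    revs = []
    for name, content in revisions:
        rev = {"name": name, "content": content}
        if signed:
            rev["signature"] = sign_revision(name, content, key)
        revs.append(rev)
    return {"signed": signed, "revisions": revs}


def verify_archive(archive: dict, key: bytes = SECRET_KEY) -> list:
    """Verify every revision in order; fail at the first bad or missing one.

    Returns the names of the revisions verified (all of them on success).
    An archive that does not claim to be signed verifies nothing.
    """
    if not archive["signed"]:
        return []
    verified = []
    for rev in archive["revisions"]:
        sig = rev.get("signature")
        if sig is None:
            raise UnsignedRevision(rev["name"])
        expected = sign_revision(rev["name"], rev["content"], key)
        if not hmac.compare_digest(sig, expected):
            raise BadSignature(rev["name"])
        verified.append(rev["name"])
    return verified


def check(archive: dict, key: bytes = SECRET_KEY) -> tuple:
    """Non-raising wrapper: ('ok', names) or ('unsigned'|'bad-signature', name)."""
    try:
        return ("ok", verify_archive(archive, key))
    except UnsignedRevision as e:
        return ("unsigned", str(e))
    except BadSignature as e:
        return ("bad-signature", str(e))


def classify(archive: dict) -> str:
    """'unsigned', 'signed', or 'partial' (claims signed, but some revisions are not)."""
    if not archive["signed"]:
        return "unsigned"
    if all("signature" in r for r in archive["revisions"]):
        return "signed"
    return "partial"


def strip_signatures(archive: dict) -> dict:
    """Repair path 1: convert a partly-signed archive back to an unsigned one."""
    for rev in archive["revisions"]:
        rev.pop("signature", None)
    archive["signed"] = False
    return archive


def sign_missing(archive: dict, key: bytes = SECRET_KEY) -> dict:
    """Repair path 2: sign every unsigned revision so the archive is fully signed.

    Only safe after the operator has checked those revisions by other means;
    otherwise this blesses whatever an attacker left in the unsigned slots.
    """
    for rev in archive["revisions"]:
        if "signature" not in rev:
            rev["signature"] = sign_revision(rev["name"], rev["content"], key)
    archive["signed"] = True
    return archive


def partly_signed() -> dict:
    """Constructed archive where one signature was deleted (attacker or aborted run)."""
    a = make_archive(True, SAMPLE)
    del a["revisions"][1]["signature"]
    return a


def tampered() -> dict:
    """Constructed archive where content changed but the old signature stayed."""
    a = make_archive(True, SAMPLE)
    a["revisions"][2]["content"] = b"add backdoor"
    return a
```

Because verification stops at the first unsigned or bad revision, a user who sees the archive halfway through a signing run gets a hard failure at the first unsigned revision rather than a silently mixed result; `classify` is what a tool would use to refuse to operate on a "partial" archive before doing anything else.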
