[Etoys] Key generation

Yoshiki Ohshima yoshiki at squeakland.org
Fri Oct 20 14:33:29 EDT 2006


  Hello,

> Well, Michael is a bit unsure ;-)

  Wow, hehe.

> The key might still be in use for signing projects when publishing.  
> If you download a project that was signed with your own key, the  
> sandbox is not switched on. So having a single key for all users  
> would be bad, because everyone would be trusted. Having no key means  
> everyone would be distrusted, which is what we want I think.
> 
> We would have to test if projects are still interchangeable between  
> machines with and without key (remember to remove the key from the  
> secure directory). It might be that some file offset changes if the  
> key is taken out.

  By looking at the code that guesses the time to generate.  It is
really a guess.  An aspect of it is that we can show for B-Test users
that we honors security, and one time overhead of 90-120 seconds is
not that bad for that.

  I might vote for change the coefficient in the guess expression
facter of 5 and limit the number display by 99%, and we keep the
preference on.

-- Yoshiki


> 
> - Bert -
> 
> Am 20.10.2006 um 14:05 schrieb Scott Wallace:
> 
> > I'll ask Andreas about this later today.
> >
> > Meanwhile, perhaps Bert could speak with Michael about it as well.
> >
> > Couldn't hurt to have the advice of the world's two leading  
> > authorities on this subject...
> >
> > Cheers,
> >
> >   -- Scott
> >
> >
> > On Oct 19, 2006, at 1:32 PM, Yoshiki Ohshima wrote:
> >
> >>> Anyway... it appears that disabling the #automaticKeyGeneration
> >>> preference keeps the key-generation from happening at start-up, yet
> >>> still allows publishing and loading projects, and still uses  
> >>> MySqueak
> >>> as the default directory.  Maybe that's all that's needed.
> >>
> >>   I would think so.  Did you try to load a project published from an
> >> image in a directory into another image in another directory?
> >>
> >>> Or perhaps, for this build, would it make sense simply to include a
> >>> pre-built squeak.keys file alongside the image, and not otherwise
> >>> tamper with the security settings?
> >>
> >>   Yeah, I thought about this but I think it adds unnecessary
> >> complication.
> >>
> >> -- Yoshiki
> >> _______________________________________________
> >> Etoys mailing list
> >> Etoys at laptop.org
> >> http://mailman.laptop.org/mailman/listinfo/etoys
> >
> > _______________________________________________
> > Etoys mailing list
> > Etoys at laptop.org
> > http://mailman.laptop.org/mailman/listinfo/etoys
> 
> _______________________________________________
> Etoys mailing list
> Etoys at laptop.org
> http://mailman.laptop.org/mailman/listinfo/etoys


More information about the Etoys mailing list