[OLPC Security] [Techteam] Crypto export and python-crypto
C. Scott Ananian
cscott at laptop.org
Tue Jun 3 10:41:40 EDT 2008
On Tue, Jun 3, 2008 at 9:30 AM, Jameson Chema Quinn
<jquinn at cs.oberlin.edu> wrote:
> On formats, I agree in principle. But as your own email points out, there
> are already two different signature formats invented for the XO, because of
> specifics about what is to be signed. If these do not work for my needs, I
> do not see why I should not invent another.
Exactly because we already have two, we should avoid having *three*!
It would be better to patch one of these so we only have *one*. (And
what are the two formats you are referring to?)
> The OpenPGP attack you mention has to do with encryption, not signatures.
Please read page 25 of
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf. Although
there is (yet) no practical attack, it (like MD5) is not recommended
for new applications.
> I did look at JAR files, and decided that their format lacked some desirable
> features. They are based on md5 hashes, which are close to broken; they do
You are wrong. http://java.sun.com/j2se/1.3/docs/guide/jar/jar.html#Digital%20Signatures
> not allow for granting privileges to secondary keys, which means that
You can have any number of .SF signature files, signing any
combination of the contents.
> user; they interact poorly with differential versioning storage; and they do
They in fact interact quite well. See
http://wiki.laptop.org/go/XO_updater#Application_updater
> not allow for unsigned content in a signed bundle, which makes localization
I do not believe this to be the case.
> more of a pain. Any one of those problems I could have lived with, the three
> together seem to me like a good enough reason for changing a format. And
And in the absence of any of the three?
> The contents manifest specification does not fit my needs either.
I'll let this pass, for now, but I explicitly designed it to fit both
the OS and activity update case, so I find this statement puzzling. I
think what you mean is, "it does not solve *all* my problems for me",
and this is because it is not designed to. It is just one part of a
solution. But I prefer the JAR file format for activities anyway, so
I don't think it's worth belaboring this.
--scott
--
( http://cscott.net/ )
More information about the Security
mailing list