A somewhat-less strawman, to see if it sparks anyone's interest. I feel it is not worth it.<br><br>Each link in the signature chain looks like:<br>hashname_1 key-or-keyid_1 expiration_1 old_gid new_gid sig(hash(next_keyid:old_gid:new_gid:expiration_time))<br>
<br>confirmation goes something like this (I know you do it in C, but python is easier for pseudocode):<br><br>valid_gids = ["sn-"+serial_number]<br>for hashname,keyid,expiration,old_gid,new_gid in signature_chain:<br>
if old_gid in valid_gids:<br> valid_gids = valid_gids[:valid_gids.index(old_gid)]<br> if new_gid != valid_gids[-1]:<br> valid_gids += [new_gid]<br> else:<br> return invalid<br>
....confirm signature itself....<br><br>In other words, at the beginning the valid gid is serial_number; old_gid truncates the list of valid gids; and new_gid can extend it.<br><br>All gids could be restricted to a certain definite length.<br>
<br>Thus the top level signature could as-sign an xo to a certain group, and lower level signatures could address it either as part of that group or individually. The full signature chain would still be valid only for a given serial number, but some links might be valid for whole groups. In theory, an XO could keep track of its own front part (group assignments) so that it could accept just the common tail part of a validation. Of course, unless you could trust the root user to NEVER delete that front part by mistake, you would have to keep a backup of each individual group assignment chain, and so you'd lose all the advantages of this system. Also, for short signature chains, the benefits of group assignment are small, since the chain MUST start with a serial number and, to provide any theft deterrence, SHOULD end with a serial number.<br>
<br>So IF we could trust the xos to keep their own signature chains, and IF most signature chains were at least 3 links long, and IF there was little cost in adding extra links in the chain just for group assignment, THEN this system would provide marginal "benefits" in reducing the need for local school servers to store separate validation signature chains for each of its client XOs. Meh.<br>
<br><div class="gmail_quote">On Fri, Jun 13, 2008 at 7:52 AM, C. Scott Ananian <<a href="mailto:cscott@laptop.org">cscott@laptop.org</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Fri, Jun 13, 2008 at 5:46 AM, Morgan Collett<br>
<<a href="mailto:morgan.collett@gmail.com">morgan.collett@gmail.com</a>> wrote:<br>
> By md5, you meant sha-256, right? :)<br>
<br>
</div>I did say it was a strawman. ;-)<br>
--scott<br>
<font color="#888888"><br>
--<br>
( <a href="http://cscott.net/" target="_blank">http://cscott.net/</a> )<br>
</font><div><div></div><div class="Wj3C7c">_______________________________________________<br>
Security mailing list<br>
<a href="mailto:Security@lists.laptop.org">Security@lists.laptop.org</a><br>
<a href="http://lists.laptop.org/listinfo/security" target="_blank">http://lists.laptop.org/listinfo/security</a><br>
</div></div></blockquote></div><br>