[Server-devel] A simple signed bundle/directory trust scheme for the XS

Michael Stone michael at laptop.org
Mon Aug 11 10:24:54 EDT 2008


Martin,

Thanks for your note. Unfortunately, it left me with more questions than
with answers. Some questions include:

  * What use cases are you trying to support?
  
  * What threats obstruct supporting those use cases?
  
  * What trust structure are you trying to create and how does it
    mitigate the threats while permitting the use cases?
  
  * What algorithms are you going to use and why? 
  
  * What security properties are you trying to check?

(Perhaps you've already answered some of these basic questions elsewhere
and you simply left out the citation?)

Two other comments:

If you want to go the route of 'signed content lives in directories',
then please examine the programs in olpc-contents
   
   http://wiki.laptop.org/go/Olpc-contents

and let us know in what way they can be improved before writing your
own.

If you're more interested in 'signed content lives in archives', then
JAR-signing might be for you!

Regards,

Michael

P.S. - In the future, please consider CC'ing the security@ list when you
write security-related mail. Interesting people live there.

