
Re: Plans to add signing ?

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2003-12-11 17:28:12 CET

On Thu, 2003-12-11 at 11:18, John Pybus wrote:
> The client certs could be used to sign SHA1 hashes before submitting
> data. The server could validate the hash and signature then store it as
> a property.

Yes... if the contents of each file are signed with a property upon
checkin (something the server could verify in a pre-commit hook), then
clients could verify the contents of each file.

But, because we auto-merge directory operations, I think it would be
impossible to sign directory operations (particularly deletions) in a
way which is verifiable by other clients. In some cases you might be
able to do damage by forging the deletion or movement of files, e.g.
disabling security code which would otherwise be compiled in.

So, it might be worthwhile to sign file contents, but for real
protection against tampering we'd have to provide a way to disable the
auto-merge feature so that you could sign whole directories before
checkin.

Received on Thu Dec 11 17:28:55 2003
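
The gap described in the message above, as an added example that is not part of the original mail or of Subversion: per-file signatures still verify after a file is deleted, while one signature over a directory manifest does not. Assumptions: HMAC-SHA256 with a constructed key stands in for a client-certificate signature, SHA-256 replaces the SHA1 mentioned in the thread, and the file names and helper functions are hypothetical.

```python
import hashlib
import hmac

# Constructed demo key. HMAC stands in for a client-certificate signature
# because the standard library has no asymmetric signing.
KEY = b"constructed-demo-key"


def sign(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def sign_file(content: bytes) -> str:
    """Per-file signature, as it would be stored in a property at checkin."""
    return sign(hashlib.sha256(content).digest())


def verify_files(tree: dict, sigs: dict) -> bool:
    """Check every file present in the tree against its own signature."""
    return all(
        path in sigs and hmac.compare_digest(sign_file(data), sigs[path])
        for path, data in tree.items()
    )


def manifest(tree: dict) -> bytes:
    """Canonical listing of a directory: sorted paths with content hashes."""
    rows = [f"{hashlib.sha256(d).hexdigest()}  {p}" for p, d in sorted(tree.items())]
    return "\n".join(rows).encode()


def verify_directory(tree: dict, dir_sig: str) -> bool:
    """Check the whole directory against one signature over its manifest."""
    return hmac.compare_digest(sign(manifest(tree)), dir_sig)


# Constructed sample tree (hypothetical file names).
COMMITTED = {
    "src/main.c": b"int main(void) { return run(); }\n",
    "src/auth_check.c": b"int auth_check(void) { return verify(); }\n",
}
FILE_SIGS = {p: sign_file(d) for p, d in COMMITTED.items()}
DIR_SIG = sign(manifest(COMMITTED))

# Trees as another client would see them: one file deleted, one file edited.
AFTER_DELETE = {p: d for p, d in COMMITTED.items() if p != "src/auth_check.c"}
AFTER_EDIT = {**COMMITTED, "src/main.c": b"int main(void) { return 0; }\n"}

for name, tree in (("committed", COMMITTED), ("deleted", AFTER_DELETE), ("edited", AFTER_EDIT)):
    print(name, verify_files(tree, FILE_SIGS), verify_directory(tree, DIR_SIG))
```

The directory signature only verifies when the tree a client receives is exactly the tree that was signed, which is why the message ties it to disabling auto-merge.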

This is an archived mail posted to the Subversion Dev mailing list.
