
Re: Plans to add signing ?

From: solo turn <soloturn99_at_yahoo.com>
Date: 2003-12-11 19:55:42 CET

--- Tom Lord <lord@emf.net> wrote:
>
>
>
> > From: solo turn <soloturn99@yahoo.com>
>
> > i always assumed adding "signing" is basically a non-issue as
> > subversions design allows to just add it with little effort?
>
> [...]
>
> > if i'm not wrong this allows:
> > - signing of single files
> > - therefor mixed revision working copies
> > - prevents serverside tampering
> > - verifying the signature at any time,
> > given that you somehow are able to
> > access the (committers) public key.
>
> Do I understand correctly that you are suggesting just attributing
> every revision of every file with a signature?
Yes. Somehow you have to choose an entity to sign, and if it should be stamped with the developer's
signature, you can only sign it locally, before sending. And this might be:
- files/directories
- changesets

[...]

> I think that in the long run the fix people are moving towards will
> involve:
>
> a) making sure (to the limits of key mgt.) that all new
> entries to the source base come from authorized
> contributors
>
> b) making sure that no old entries have been modified
> (even by an authorized contributor).

Not sure if b) is necessary. If you do not trust people in a network of trust, you have a problem.
In any case, there have to be mechanisms for how to handle (rollback?) a compromised person/key and their
output.

[...]

> To validate the project host after a known compromise, for example,
> one would have to read every revision of every file of every project
> -- verifying both that the signature of that revision has not changed
> and that the file contents still match the signature. At the very
> least, it's going to take a lot of work to optimize such a process.
>
> It doesn't work just to let clients do all the verification on
> check-out: that would mean distributing to clients _both_ all of the
> necessary public keys _and_ a trusted historic record of what the
> particular signature is supposed to be.

A public key is public, and it's an independent problem how you get public keys. Maybe there are
public key servers where you send a list of serial IDs and get back a list of keys?

And you can choose what to check. You are fine if you check the things you need (i.e. check-out).

If you sign developers' work, how much would you gain if you just sign changesets? Or what
entity would you like to sign to make it secure?

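The two signing granularities the message weighs against each other (single files versus changesets), as an added worked example that is not part of the original mail and not Subversion's own code. It uses Ed25519 from Go's standard library, a committer key pair generated on the spot, a constructed two-file commit, and an assumed length-prefixed canonical encoding with separate domain tags for "file" and "changeset"; none of these formats come from Subversion. It goes slightly beyond the text by showing what each granularity catches: content tampering is caught by both, but a server that silently drops one file from a revision is only caught by the changeset signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"sort"
)

// Change is one file's new content at a path. Assumed shape for this
// example, not Subversion's data model.
type Change struct {
	Path    string
	Content []byte
}

// newCommitterKey generates the key pair of a hypothetical committer.
func newCommitterKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// u64 encodes an integer as 8 big-endian bytes.
func u64(v uint64) []byte {
	var b [8]byte
	binary.BigEndian.PutUint64(b[:], v)
	return b[:]
}

// appendLV appends a length-prefixed field so that concatenated fields
// cannot be re-split at a different boundary (path/content ambiguity).
func appendLV(buf, field []byte) []byte {
	buf = append(buf, u64(uint64(len(field)))...)
	return append(buf, field...)
}

// canonicalFile encodes a single file revision: domain tag, revision,
// path, content. The tag is an assumption of this example.
func canonicalFile(rev uint64, c Change) []byte {
	buf := []byte("example-file-sig-v0\x00")
	buf = appendLV(buf, u64(rev))
	buf = appendLV(buf, []byte(c.Path))
	buf = appendLV(buf, c.Content)
	return buf
}

// canonicalChangeset encodes the whole set under a different tag:
// revision, file count, then every file sorted by path, so the
// signature is independent of the order the client listed them in.
func canonicalChangeset(rev uint64, changes []Change) []byte {
	sorted := append([]Change(nil), changes...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Path < sorted[j].Path })
	buf := []byte("example-changeset-sig-v0\x00")
	buf = appendLV(buf, u64(rev))
	buf = appendLV(buf, u64(uint64(len(sorted))))
	for _, c := range sorted {
		buf = appendLV(buf, []byte(c.Path))
		buf = appendLV(buf, c.Content)
	}
	return buf
}

// Per-file signing: one signature for every revision of every file.
func SignFile(priv ed25519.PrivateKey, rev uint64, c Change) []byte {
	return ed25519.Sign(priv, canonicalFile(rev, c))
}
func VerifyFile(pub ed25519.PublicKey, rev uint64, c Change, sig []byte) bool {
	return ed25519.Verify(pub, canonicalFile(rev, c), sig)
}

// Changeset signing: one signature over the whole commit.
func SignChangeset(priv ed25519.PrivateKey, rev uint64, changes []Change) []byte {
	return ed25519.Sign(priv, canonicalChangeset(rev, changes))
}
func VerifyChangeset(pub ed25519.PublicKey, rev uint64, changes []Change, sig []byte) bool {
	return ed25519.Verify(pub, canonicalChangeset(rev, changes), sig)
}

func main() {
	pub, priv := newCommitterKey()
	// Constructed sample commit: two files changed together in revision 42.
	commit := []Change{
		{"src/auth.c", []byte("int check(void) { return strong(); }\n")},
		{"src/Makefile", []byte("all: auth\n")},
	}
	fileSigs := map[string][]byte{}
	for _, c := range commit {
		fileSigs[c.Path] = SignFile(priv, 42, c)
	}
	setSig := SignChangeset(priv, 42, commit)

	// Each per-file signature still verifies on its own file...
	for _, c := range commit {
		fmt.Println("file", c.Path, VerifyFile(pub, 42, c, fileSigs[c.Path]))
	}
	// ...but a server that drops one file from the revision is only
	// caught by the changeset signature.
	fmt.Println("changeset intact:", VerifyChangeset(pub, 42, commit, setSig))
	fmt.Println("changeset truncated:", VerifyChangeset(pub, 42, commit[:1], setSig))
	// Content tampering is caught by both granularities.
	tampered := Change{"src/auth.c", []byte("int check(void) { return 1; }\n")}
	fmt.Println("tampered file:", VerifyFile(pub, 42, tampered, fileSigs["src/auth.c"]))
}
```

Verification needs only the committer's public key and the revision as stored, which is the "verify at any time" property from the message; the length prefixes and domain tags are there so that a per-file signature can never be replayed as a changeset signature or vice versa.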

Received on Thu Dec 11 19:56:23 2003

This is an archived mail posted to the Subversion Dev mailing list.
