-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wed, 5 Oct 2005 08:38:55 EDT
Bernd> If I may jump into the middle here... if, AFAICT, the purpose is to
Bernd> bind a signature to a specific commit and no other, and also to the
Bernd> complete file contents (figuring out $strings$ later), would it not be
Bernd> sufficient to generate, say,

Bernd> ----- BEGIN PGP SIGNED MESSAGE -----
Bernd> Comment: blah blah comments are untrusted
Bernd> Repository revision: 1.5 /home/cvs/cvsroot/ifsf-sst/foo.c,v
Bernd> #include <stdio.h>

I was thinking the same thing. Signing the new revision number is sufficient for preventing a replay attack. If the revision number and diff/complete file are signed as a chunk, the client will not be able to replay a previous revision.

Signing of other stuff, like the location of or in the repository is not useful because over time ,v files can move when directory hierarchies or hosts are changed (consider recent switch from cvshome to savannah). So the information will not be verifiable in the long term.

Bernd> No, wait, if an attacker has root access to the CVS server, revision
Bernd> numbers become untrusted. Really all you're trying to achieve is to
Bernd> identify the real culprit, so that Eve can't frame Alice.

If an attacker has access to the repository, and wishes to resurrect an old buggy version of a file, with signed revision numbers as above, they can rollback the file to a previous revision. However this would be detected rather easily, since it would break all existing sandboxes, and either break the build or remove newly added features.

In addition, none of the other proposed schemes would protect against this rollback either.

Alex

- --
https://savannah.gnu.org/projects/libcvs-spec
Access CVS through a library.
PGP: ID: 0x23DC453B FPR: 42D0 66C2 9FF8 553A 373A B819 4C34 93BA 23DC 453B

No Prime Minister, a clarification is not to make oneself clear, it is to put oneself in the clear.
-- Sir Humphrey Appleby
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (OpenBSD)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iD8DBQFDQ8lmTDSTuiPcRTsRAnlGAKCIgAgu+j5HbQZmJRw7/TsWWuBfHwCeN20z
KwshZhuugukfA4LRmWfGb9Q=
=sL7k
-----END PGP SIGNATURE-----

_______________________________________________
Bug-cvs mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/bug-cvs
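Added example, not part of the original message and not CVS code: a sketch of the scheme discussed above, in which the revision number and the file contents are signed as one chunk. Assumptions: HMAC-SHA256 with a constructed key stands in for the PGP signature, the names sign, rev_key and check_update are hypothetical, the file history is constructed, and only trunk revisions are compared. The comparison against the sandbox revision is one way a client could notice the rollback.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 with a constructed key stands in for the committer's
# PGP signature so the example runs with the standard library only.
KEY = b"constructed-demo-key"


def sign(revision, content, key=KEY):
    """Sign revision number and file contents together as one chunk."""
    rev = revision.encode()
    # Length-prefix the revision so the revision/content boundary is unambiguous.
    return hmac.new(key, len(rev).to_bytes(4, "big") + rev + content,
                    hashlib.sha256).digest()


def rev_key(revision):
    """Order trunk revisions numerically, so that 1.10 sorts after 1.9."""
    return tuple(int(part) for part in revision.split("."))


def check_update(sandbox_rev, offered_rev, content, sig, key=KEY):
    """Client-side check of a (revision, content, signature) offered by the server.

    sandbox_rev is the revision already checked out, or None for a fresh checkout.
    """
    if not hmac.compare_digest(sign(offered_rev, content, key), sig):
        return "bad-signature"
    if sandbox_rev is not None and rev_key(offered_rev) < rev_key(sandbox_rev):
        return "rollback"
    return "ok"


# Constructed sample history of foo.c: revision -> (content, signature).
OLD = b"#include <stdio.h>\n/* old buggy version */\n"
NEW = b"#include <stdio.h>\n/* fixed version */\n"
HISTORY = {"1.4": (OLD, sign("1.4", OLD)), "1.5": (NEW, sign("1.5", NEW))}


def demo():
    old_content, old_sig = HISTORY["1.4"]
    return {
        # Old contents relabelled as 1.5, reusing the 1.4 signature.
        "relabelled": check_update("1.4", "1.5", old_content, old_sig),
        # Genuine 1.4 served to a sandbox that already has 1.5.
        "rollback_existing_sandbox": check_update("1.5", "1.4", old_content, old_sig),
        # Genuine 1.4 served to a fresh checkout: the signature alone cannot tell.
        "rollback_fresh_checkout": check_update(None, "1.4", old_content, old_sig),
    }


if __name__ == "__main__":
    print(demo())
```

The third case passes verification because the old revision carries a genuine signature, so a client with no prior sandbox state has nothing to compare it against.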
