On 09/16/2014 02:19 PM, Bert Massop wrote:
> On Tue, Sep 16, 2014 at 5:42 AM, Steve Dougherty <st...@asksteved.com>
> wrote:
>
>> The trusted key IDs are updated if the channel definition is signed with
>> enough valid signatures under the existing definition. This means
>> everything on a channel - not just the files like freenet.jar - requires
>> signatures.
>>
>
> The update channel idea sounds great in general. I do see one major problem
> with the above, though.
>
> Consider a rather old update channel (USK@…/…/100). Now suppose the update
> channel is so old that edition 0 has fallen out of Freenet (which will
> obviously happen, given the nature of Freenet). A new client subscribes to
> the update channel (for obvious reasons, this will be USK@…/…/0) — what
> happens? The new client now has no way of verifying that the definition
> file has not been tampered with since the last trusted edition (i.e.
> edition 0). In fact, this problem arises if *any* single previous edition

How so? If the channel definition's signing requirements have not changed since the definition the channel was added with - namely the first one given edition 0 - the fetchable definition / update edition can still be verified.

> becomes unretrievable for any reason: the chain is broken and authenticity
> can no longer be verified.

This is true if the definition of the fetchable edition(s) contains different signing requirements and does not pass verification by the starting (seed? initial?) definition. Release managers will need to distribute updated channel definitions when signing requirements change for that reason.
_______________________________________________
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
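
The verification rule discussed in this thread, as an added example that is not part of the original messages and is not Freenet code: a client holding only its seed definition accepts a later edition when enough of the keys it already trusts have signed it, and rejects one signed only under a rotation it never saw. The definition layout, key IDs, function names and the use of HMAC in place of OpenPGP signatures are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed keyring (key ID -> secret). HMAC stands in for the OpenPGP
# signatures a real channel would use, so this runs on the standard library.
KEYRING = {k: hashlib.sha256(k.encode()).digest() for k in "ABCD"}

def sign(definition, key_id):
    data = json.dumps(definition, sort_keys=True).encode()
    return hmac.new(KEYRING[key_id], data, hashlib.sha256).hexdigest()

def make_edition(trusted, threshold, signers):
    """Build a channel definition plus signatures (hypothetical layout)."""
    definition = {"trusted": sorted(trusted), "threshold": threshold}
    return {"definition": definition,
            "sigs": {k: sign(definition, k) for k in signers}}

def accepted_by(trusted_def, edition):
    """Enough valid signatures from keys that trusted_def already trusts?"""
    valid = 0
    for key_id in trusted_def["trusted"]:
        sig = edition["sigs"].get(key_id)
        if sig and hmac.compare_digest(sig, sign(edition["definition"], key_id)):
            valid += 1
    return valid >= trusted_def["threshold"]

def follow_channel(seed_def, retrievable):
    """Walk the editions that can still be fetched, oldest first.
    Returns (definition trusted at the end, rejected edition numbers)."""
    current, rejected = seed_def, []
    for number in sorted(retrievable):
        if accepted_by(current, retrievable[number]):
            current = retrievable[number]["definition"]
        else:
            rejected.append(number)
    return current, rejected

# Constructed scenario: the client ships with SEED; older editions are gone.
SEED = {"trusted": ["A", "B", "C"], "threshold": 2}
UNCHANGED_100 = make_edition("ABC", 2, "AB")   # same requirements as SEED
ROTATION_50 = make_edition("BCD", 2, "AB")     # changes the trusted keys
ROTATED_100 = make_edition("BCD", 2, "CD")     # signed under the new keys

if __name__ == "__main__":
    print(follow_channel(SEED, {100: UNCHANGED_100}))                 # accepted
    print(follow_channel(SEED, {50: ROTATION_50, 100: ROTATED_100}))  # accepted
    print(follow_channel(SEED, {100: ROTATED_100}))                   # rejected
```

The last call is the case where a client needs an updated channel definition distributed out of band: edition 50 is unretrievable, so edition 100 carries only one signature from a key the seed trusts.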