On Wed, Mar 16, 2005 at 09:16:08AM -0600, John Arbash Meinel wrote:
> >Presumably since it also wants to sign the log file, but avoid a
> >detached signature for every file (ugly).
>
> Why not put both detached signatures into the checksum file?
How would it know which file gets which signature? I don't think the name is actually stored in the detached signature. Even if arch guessed, wouldn't that degrade security?

Don't forget that PGP signing is just asymmetric signing of a hash anyway. If you have a logfile, a cacherev, and a patch in the same directory, that's three different hashes. If arch doesn't 'know' (in both the technical and the trustworthy sense) which one applies to which file, you've given an attacker three different hashes they could try to emulate -- effectively, IIUC, you've cut the difficulty in three.

IMO, I like the idea of two (or more) different hashes being applied and all being checked. I'd like to see the file size being recorded as well. The difficulty of matching all hashes, and doing so with the given file size, is high enough to make the arch step a no-op. If arch's step doesn't degrade (or contribute to) security, we then just rely purely on PGP for the security. (And if PGP goes down, we're kinda hosed anyway.)
_______________________________________________
Gnu-arch-users mailing list
Gnu-arch-users@gnu.org
http://lists.gnu.org/mailman/listinfo/gnu-arch-users
GNU arch home page: http://savannah.gnu.org/projects/gnu-arch/
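The checksum-file design the reply argues for (file name, size and more than one digest recorded together, all of them checked), as an added illustration that is not arch's code and not from anyone in the thread. The file names and contents are constructed stand-ins; the manifest text is what a single detached PGP signature would cover, so each digest is bound to one named file by the signature rather than guessed at.

```python
import hashlib

# Constructed sample "revision directory": a log, a cacherev and a patch,
# the three files the reply mentions. Contents are placeholders, not arch output.
SAMPLE_FILES = {
    "log": b"Revision log: fix checksum handling\n",
    "cacherev.tar.gz": b"\x1f\x8b\x08\x00fake-cacherev-bytes",
    "patch.tar.gz": b"\x1f\x8b\x08\x00fake-patch-bytes",
}

# Two independent digests; verification requires every one of them to match.
HASHES = ("sha256", "sha512")


def manifest_line(name: str, data: bytes) -> str:
    """One manifest entry: file name, byte size and each digest in HASHES.

    The name sits in the same text as its digests, so one signature over the
    whole manifest says which hash belongs to which file.
    (Names are assumed to contain no whitespace.)"""
    digests = " ".join(f"{h}={hashlib.new(h, data).hexdigest()}" for h in HASHES)
    return f"{name} size={len(data)} {digests}"


def build_manifest(files: dict) -> str:
    """The text that would be signed once, with a single detached signature."""
    return "\n".join(manifest_line(n, d) for n, d in sorted(files.items())) + "\n"


def parse_manifest(text: str) -> dict:
    entries = {}
    for line in text.splitlines():
        name, *fields = line.split()
        entries[name] = dict(f.split("=", 1) for f in fields)
    return entries


def verify(manifest: str, files: dict) -> list:
    """Names of files that are missing, have the wrong size, or fail any digest."""
    bad = []
    for name, kv in parse_manifest(manifest).items():
        data = files.get(name)
        if data is None or len(data) != int(kv["size"]):
            bad.append(name)
            continue
        if any(hashlib.new(h, data).hexdigest() != kv[h] for h in HASHES):
            bad.append(name)
    return bad
```

Signature verification of the manifest itself is left to PGP, as the reply intends; this code only shows what the signed text records and how every recorded field is checked.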