So...suppose we were to do something like this*:
- Added support for both SHA-2 (SHA-256) and 2048-bit RSA certificates.**
- Put the package signing verification certificate where "anyone could
get it"
- Made the signing (certificate-based) check optional.
- Continued to keep the integrity checking optional, whether based on
SHA-2 or SHA-1.
Would that meet the set of needs we've been talking about?
* As usual, no promises.
** I think we have to keep the SHA-1 support because we create an
incompatibility if we don't.
Andrew Rowley wrote:
My further thoughts:
- Would a certificate-based signature do?
- What requirements would you have for certificates?
The signature should use the same type of code signing certificates used
for other platforms. Any company delivering Windows software almost
certainly has a certificate already. There are various implementations,
e.g. Windows exe signing and Java jar signing. I'm pretty sure z/OS can
verify signatures on jars at least. Some thought would have to go into
how you attach a signature to a package and what you attach it to.
- Would you want signature verification to be optional?
Yes. For SMP/E it should be the default, probably at RECEIVE time but
able to be bypassed e.g. RECEIVE... BYPASS(SIGCHECK) .
Non-SMP/E is handicapped by the absence of a standard delivery format.
If you had a tool to deliver a set of non SMP/E datasets, the packaging
format should have an option to include a signature - perhaps with a
warning when extracting if unsigned and/or an option to force signature
checking. It depends on how useful the product would be inside a site -
you don't want to force customers to get their own certificate if they
decide a tool would be useful internally.
- If signature verification were to be optional, would it be
acceptable to use the SHA-1 hash for integrity checking if the
recipient chose not to verify the signature? Or, would it still be
necessary to use a different algorithm?
I'm not sure how useful it is. How likely is it that something be
corrupted in a situation where you can get a hash to verify but can't
verify a signature?
- Anything else to think about?
Lots, I'm sure! It's probably worth also looking at the implementation
of signed SMF data to see how they do it.
Andrew Rowley
--
John Eells
IBM Poughkeepsie
[email protected]
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
