Hi,

On 22/05/13 17:48, Ludovic Courtès wrote:

>> Also, rather than having a separate .sig file, the signature could be stored in
>> the narinfo file itself. That would halve the number of HTTP requests.
>
> Well, the .sig only needs to be downloaded when the user actually
> substitutes something; this is not a situation where it would really
> make a difference.
>
> Also, how would the signature be formatted, then?

Maybe adding a line like:

  Signature: EcUemBbhdfRkA6hWXb8qCb...

which would be a base-64 encoding of the signature of the .narinfo up to that point (as computed by "openssl pkeyutl -sign"), plus a fingerprint of the public key to be used to check the signature.

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
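The in-file signature layout proposed above, as an added example that is not part of the original message or of Nix's code: it extracts the bytes covered by a trailing Signature line and rejects files where anything falls outside the signed region. The `<key-fingerprint> <base64-signature>` value layout, the function names, the `verify` callback and the sample file are assumptions made for illustration.

```python
import base64

SIG_PREFIX = b"Signature: "

class NarinfoSignatureError(ValueError):
    """Signature line missing, repeated, misplaced or malformed."""

def split_signed_narinfo(data: bytes):
    """Return (signed_bytes, key_fingerprint, signature) for one .narinfo.

    signed_bytes is every byte before the Signature line, i.e. what the
    signer would have passed to the signing tool.
    """
    if not data.endswith(b"\n"):
        raise NarinfoSignatureError("no final newline (truncated file?)")
    lines = data.splitlines(keepends=True)
    hits = [i for i, line in enumerate(lines) if line.startswith(SIG_PREFIX)]
    if len(hits) != 1:
        raise NarinfoSignatureError("expected exactly one Signature line")
    if hits[0] != len(lines) - 1:
        # Anything after the Signature line is outside the signed region.
        raise NarinfoSignatureError("fields follow the Signature line")
    if len(lines) == 1:
        raise NarinfoSignatureError("nothing is covered by the signature")
    value = lines[-1][len(SIG_PREFIX):].rstrip(b"\r\n")
    try:
        # Assumed layout: "<key-fingerprint> <base64-signature>".
        fingerprint, b64 = value.split(b" ")
        signature = base64.b64decode(b64, validate=True)
        fp = fingerprint.decode("ascii")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise NarinfoSignatureError("malformed Signature value") from exc
    return b"".join(lines[:-1]), fp, signature

def verify_narinfo(data: bytes, trusted_keys: dict, verify) -> bool:
    """Check data against trusted_keys (fingerprint -> public key).

    verify(public_key, signed_bytes, signature) is the caller's primitive,
    for example a wrapper around "openssl pkeyutl -verify".
    """
    signed, fp, signature = split_signed_narinfo(data)
    if fp not in trusted_keys:
        return False  # signed by a key we do not trust
    return bool(verify(trusted_keys[fp], signed, signature))

# Constructed sample; the field values and signature bytes are placeholders.
SAMPLE = (
    b"StorePath: /nix/store/PLACEHOLDER-example-1.0\n"
    b"URL: nar/PLACEHOLDER.nar.bz2\n"
    b"NarSize: 1234\n"
    b"Signature: 0123abcd " + base64.b64encode(b"constructed-signature") + b"\n"
)
```

Because the signature covers only the bytes before its own line, a verifier that tolerated fields after it would accept content the signer never saw.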
