Hi,

As most people noticed, we started a reorganization of our backend stuff. This means all dynamic content is moved into the database. The result is that we now have a table to store private data like keys, PINs and key backups. We additionally have a new table data where we can store references to connect the different tables.

In the past we had problems with the signature handling several times. It is also nearly impossible today to sign an object twice (four-eyes principle). After the last changes it is possible to remove the private keys from the requests (and certificates) and store this key in the table data. The signatures are the only part of a request (CSR or CRR) which is not an integral part of the request but is stored in the request table.

What do you think about creating a new table signature where we store all signatures? The structure could be:

sign_key    - serial number of the signature
data        - the serialized signature
format      - mainly for compatibility
object_type - request, CRR or whatever
object_key  - serial of the signed object

There is no signature without a reference to an object. Therefore it is a good idea not to store the reference in the data table, because this costs a lot of performance.

So what do you think about this idea? I'm happy about every comment.

Michael
--
_______________________________________________________________

Michael Bell                    Humboldt-Universitaet zu Berlin

Tel.: +49 (0)30-2093 2482       ZE Computer- und Medienservice
Fax:  +49 (0)30-2093 2704       Unter den Linden 6
[EMAIL PROTECTED]   D-10099 Berlin
_______________________________________________________________



_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
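
The table proposed in the mail above, sketched with SQLite as an added example that is not part of the original message or OpenCA code. The column names come from the mail; the SQL types, the index, the function names, the sample rows and the `signer_of` callback (a stand-in for real signature verification) are assumptions.

```python
import sqlite3

# Column names are the ones proposed in the mail; SQL types, the index
# and all function names are assumptions made for this example.
SCHEMA = """
CREATE TABLE signature (
    sign_key    INTEGER PRIMARY KEY,  -- serial number of the signature
    data        TEXT NOT NULL,        -- the serialized signature
    format      TEXT NOT NULL,        -- mainly for compatibility
    object_type TEXT NOT NULL,        -- request, CRR or whatever
    object_key  INTEGER NOT NULL      -- serial of the signed object
);
CREATE INDEX signature_object ON signature (object_type, object_key);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def add_signature(db, data, fmt, object_type, object_key):
    cur = db.execute(
        "INSERT INTO signature (data, format, object_type, object_key)"
        " VALUES (?, ?, ?, ?)", (data, fmt, object_type, object_key))
    return cur.lastrowid

def signatures_for(db, object_type, object_key):
    # One indexed lookup, no detour through the generic data table.
    return db.execute(
        "SELECT sign_key, data, format FROM signature"
        " WHERE object_type = ? AND object_key = ? ORDER BY sign_key",
        (object_type, object_key)).fetchall()

def four_eyes_ok(db, object_type, object_key, signer_of):
    # Counting rows is not enough: one operator signing twice must not pass.
    signers = {signer_of(data, fmt)
               for _, data, fmt in signatures_for(db, object_type, object_key)}
    return len(signers) >= 2

def demo_signer_of(data, fmt):
    # Stand-in for real verification: constructed samples look like "signer:blob".
    return data.split(":", 1)[0]

def demo():
    db = open_db()
    add_signature(db, "ra-op-1:c2ln", "PKCS7", "CSR", 4711)  # constructed rows
    add_signature(db, "ra-op-2:c2ln", "PKCS7", "CSR", 4711)
    add_signature(db, "ra-op-1:YWJj", "PKCS7", "CRR", 4711)
    add_signature(db, "ra-op-1:ZGVm", "PKCS7", "CRR", 4711)
    return db
```

In a real deployment `signer_of` would verify the signature against the stored object and return the signer certificate's identity, since the proposed columns do not record who signed.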
