On Thu, Jul 31, 2008 at 04:09:04PM -0400, James Carlson wrote: > Nicolas Williams writes: > > > I don't understand the usage case for nested signatures (don't I just > > > care about the bits delivered?), but at least parallel signatures > > > ought to be offered. > > > > As I imagine it the publication service would sign the manifest and the > > signature of the manifest by the submitter. That would make it a nested > > signature. > > My question was "why." What does it gain the publication service to > sign someone else's signature? It means only that some third party > can't remove or alter that other (upstream) signature, but if someone > were to do that, how is that alteration the publication service's > problem? Why should he care?
I don't have a terribly good reason for this. I was going on the instinct that it could be useful to know who submitted the pkg to the publication service. OTOH, if you're replacing the signatures you might as well re-submit for publication, in which case you'll get a new signature from that service. I.e., that third party can just as well have their own publication service. So I don't see nesting the signatures here as particularly harmful. > (It almost sounds to me like you might be trying to build in the > option for some kind of licensing system, but I'm not quite seeing how > it would work.) The thought hadn't entered my mind. I too don't see how it would work.
