draft-ietf-p2psip-base-21, section 11.1:
"Any configuration file through the overlay (as opposed to directly from the configuration server) MUST be signed by one of the configure-signers from the previous extant configuration. Recipients MUST verify the signature prior to accepting the configuration file."

This text implies that a configuration file coming from the configuration server does not need to be signed. But in this case how can a recipient receive a signed configuration file through the overlay?

Let's say that Node A joined with an unsigned configuration file with sequence 9, retrieved from the configuration server. Later the configuration server is updated with a configuration file with sequence 10. Node B wants to join, so it retrieves configuration #10, then receives a request from A, which it rejects before sending a ConfigUpdate with configuration #10. B cannot verify it because it is unsigned.

So does that not imply that a configuration file coming from the configuration server MUST be signed?

The only case that could work is if the only nodes that can propagate a new configuration file are the configuration-signerS. In this case they can retrieve the new configuration file and sign it before sending the ConfigUpdate. Was that the intent of this text?
Nit in the same paragraph: s/one of the configure-signers/one of the configuration-signer/

--
Marc Petit-Huguenin
Email: [email protected]
Blog: http://blog.marc.petit-huguenin.org
Profile: http://www.linkedin.com/in/petithug

_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
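The sequence 9 / sequence 10 scenario from the message above, modeled as an added example (not part of the original email and not code from the draft or any RELOAD implementation). The names `Config`, `accept_from_overlay`, `scenario` and `signer-1` are hypothetical, the "must be newer" check is an assumption, and an HMAC under a constructed key stands in for the real public-key signature so the block runs with the standard library only.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in key: HMAC replaces the real public-key signature here.
SIGNER_KEYS = {"signer-1": b"constructed-demo-key"}

@dataclass
class Config:
    sequence: int
    body: bytes
    signers: tuple                      # configuration-signers named by this file
    signer: Optional[str] = None        # who signed this file, if anyone
    signature: Optional[bytes] = None

def _mac(cfg, signer):
    data = str(cfg.sequence).encode() + b"|" + cfg.body
    return hmac.new(SIGNER_KEYS[signer], data, hashlib.sha256).digest()

def sign(cfg, signer):
    cfg.signer, cfg.signature = signer, _mac(cfg, signer)
    return cfg

def accept_from_overlay(current, received):
    """Rule quoted from section 11.1: a file arriving through the overlay must be
    signed by a configuration-signer of the configuration the recipient holds."""
    if received.sequence <= current.sequence:
        return False, "not newer"       # assumption: only newer files replace old ones
    if received.signature is None:
        return False, "unsigned"
    if received.signer not in current.signers:
        return False, "signer not in previous configuration"
    if not hmac.compare_digest(_mac(received, received.signer), received.signature):
        return False, "bad signature"
    return True, "accepted"

def scenario(server_signs):
    signers = ("signer-1",)
    cfg9 = Config(9, b"overlay config, sequence 9", signers)    # what node A joined with
    cfg10 = Config(10, b"overlay config, sequence 10", signers) # what node B retrieved
    if server_signs:
        sign(cfg10, "signer-1")         # signed before the server published it
    # Node B sends cfg10 in a ConfigUpdate; the recipient still holds cfg9.
    return accept_from_overlay(cfg9, cfg10)

if __name__ == "__main__":
    print("server publishes unsigned file:", scenario(server_signs=False))
    print("server publishes signed file:  ", scenario(server_signs=True))
```

With an unsigned file on the server the update can never be accepted through the overlay; once the published file carries a signature from a signer listed in the previous configuration, the same ConfigUpdate verifies.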
