On Tue, Apr 28, 2009 at 07:39:02PM -0500, Shawn Walker wrote: > That in turn makes verifying that the retrieved manifest matches the > server correctly "fun".
What you mean is that you need to define a manifest canonicalization procedure so that: a) signatures always sign the canonical manifest, b) the verification is always done using the canonical manifest and given signature as inputs. To canonicalize a manifest you'd specify a collation for the manifest's actions, and which actions to leave out. I know, it's a pain. But canonicalization is an issue that commonly applies to protocols involving signatures. The only way to avoid canonicalization is to define the canonicalization from the get go and always keep all to-be-signed data in canonical form. Incidentally, to have chained signatures all you'd have to do is have each signature action reference the signatures that need to be included in the canonicalized manifest for verification. Nico -- _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
