On Wed, Sep 09, 2009 at 03:08:24PM -0700, Bart Smaalders wrote:
> [...]
> signature type=x.509 hashtype=sha-256 sigtype=rsa-pkcs public_key=<hash>
> [public_key=<hash>] ... value=<hash> ...
> [...]
> For testing and process verification purposes, a signature of type
> "identity" is also supported; this presents the unsigned hash as
> the value directly:
>
> signature type=identity hashtype=sha256 value=<hash>

The 'type' attribute seems confused.  In the first case (type=x.509)
what's really being indicated is a certificate type (could be x.509,
could be a raw public key a la SSH), while in the second case the type
is really like sigtype.

I recommend:

signature hashalg=sha-256 sigalg=rsa-pkcs certtype=x.509 public_key=<hash> ...
signature hashalg=sha-256 sigalg=rsa-pkcs certtype=none public_key=<hash> ...
signature hashalg=sha-256 sigalg=none value=<hash> ...

The last one corresponds to type=identity.  The second one corresponds
to raw public keys, without using certificates.

Also, why can there be more than one public_key=<hash> per signature
action?

Finally: what should be named by public_key= in the case of x.509
signatures: a hash of the public key, or the certificate?  And if the
certificate, by issuer-and-serial, or hash of the certificate?

> Policy constraints regarding required signatures on pkgs will specify
> a public key that must appear in the certificate path of a valid signature
> on a manifest to enable installation; such policy constraints may be
> applied to all repos or just one.

I'm not sure what this means.  I think you might have meant that the
key used to make a signature action should be from a certificate that
is valid, including a valid path to a trust anchor.

Otherwise it looks good to me.

Nico
--
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
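A small parser and checker for the attribute layout recommended in the message above (hashalg=, sigalg=, certtype=), written here as an added example for this thread; it is not IPS code and not from either poster. The sample manifest, the rule that the hash covers the manifest with signature actions excluded, and the mapping from attribute hash names to hashlib names are assumptions of this example. It classifies a signature action into the three variants discussed (certificate, raw key, identity), keeps repeated attributes such as public_key= visible as a list, and for the sigalg=none form recomputes and compares the hash.

```python
import hashlib
import hmac
import shlex

# Attribute hash names mapped to hashlib names.  Only sha-256 appears in the
# thread; this mapping is an assumption of the example.
HASHALGS = {"sha-256": "sha256", "sha256": "sha256"}


def parse_signature_action(line):
    """Parse a 'signature k=v k=v ...' action line into {key: [values]}.

    Values are lists because an attribute may repeat (the thread asks why
    public_key= can appear more than once); '...' markers are ignored.
    """
    tokens = shlex.split(line)
    if not tokens or tokens[0] != "signature":
        raise ValueError("not a signature action: %r" % line)
    attrs = {}
    for tok in tokens[1:]:
        if tok == "...":
            continue
        if "=" not in tok:
            raise ValueError("malformed attribute %r" % tok)
        key, value = tok.split("=", 1)
        attrs.setdefault(key, []).append(value)
    return attrs


def classify(attrs):
    """Map hashalg/sigalg/certtype onto the three variants in the thread:
    'identity' (sigalg=none, bare hash), 'raw-key' (certtype=none) and
    'certificate' (certtype=x.509).  Anything else is rejected."""
    hashalg = attrs.get("hashalg", [None])[0]
    if hashalg not in HASHALGS:
        raise ValueError("unsupported or missing hashalg: %r" % hashalg)
    sigalg = attrs.get("sigalg", [None])[0]
    if sigalg == "none":
        if "value" not in attrs:
            raise ValueError("identity signature needs value=")
        return "identity"
    if sigalg != "rsa-pkcs":
        raise ValueError("unsupported sigalg: %r" % sigalg)
    if "public_key" not in attrs:
        raise ValueError("signed action needs at least one public_key=")
    certtype = attrs.get("certtype", ["none"])[0]
    if certtype == "none":
        return "raw-key"
    if certtype == "x.509":
        return "certificate"
    raise ValueError("unsupported certtype: %r" % certtype)


def manifest_digest(manifest_text, hashalg):
    """Hex digest of the manifest body.  Assumption: the hash covers the
    manifest text with the signature actions themselves left out."""
    body = "\n".join(ln for ln in manifest_text.splitlines()
                     if not ln.startswith("signature "))
    return hashlib.new(HASHALGS[hashalg], body.encode("utf-8")).hexdigest()


def make_identity_action(manifest_text, hashalg="sha-256"):
    """Produce the sigalg=none form (testing / process verification only)."""
    return "signature hashalg=%s sigalg=none value=%s" % (
        hashalg, manifest_digest(manifest_text, hashalg))


def verify_identity(attrs, manifest_text):
    """Recompute the hash and compare in constant time.  This checks only
    that the manifest matches its hash; it says nothing about who produced
    it, since anyone can compute a matching hash."""
    if classify(attrs) != "identity":
        raise ValueError("not an identity signature")
    expected = manifest_digest(manifest_text, attrs["hashalg"][0])
    return hmac.compare_digest(expected, attrs["value"][0])


# Constructed sample manifest; not taken from any real package.
SAMPLE_MANIFEST = """set name=pkg.fmri value=pkg://example/demo@1.0
file 0123456789abcdef path=usr/bin/demo mode=0555 owner=root group=bin
"""

if __name__ == "__main__":
    action = make_identity_action(SAMPLE_MANIFEST)
    attrs = parse_signature_action(action)
    print(classify(attrs), verify_identity(attrs, SAMPLE_MANIFEST))
    for line in (
        "signature hashalg=sha-256 sigalg=rsa-pkcs certtype=x.509 public_key=<hash> ...",
        "signature hashalg=sha-256 sigalg=rsa-pkcs certtype=none public_key=<hash> ...",
    ):
        print(classify(parse_signature_action(line)))
```

Because classify() refuses an action whose sigalg or certtype it does not know, an installer built on this shape fails closed on an unexpected attribute combination instead of silently treating it as one of the accepted variants; the identity variant is accepted only as integrity check, which is why it is confined to testing in the thread.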
