On Apr 29, 2010, at 3:23 PM, Gregg Wonderly wrote:

> Peter Firmstone wrote:
>> I don't know how to enable the Service to specify a constraint on the signer
>> of the downloaded codebase if not originating from the service, any ideas?
>
> The HTTPMD protocol handler (URLStreamHandler) does this by requiring that
> you know the MD5 sum of the jar that you want to download. If you try and
> download the jar, and the sum is different, you can know that the content is
> not what you originally knew it to be.
>
> Not directly signing, but a mechanism that is similar and provides a fairly
> secured indication of "source" based on what you knew at the moment you
> acquired the MD5 sum.

As long as you use a strong enough message digest -- SHA-1 or something still stronger would be better choices these days now that the safety of MD5 is uncertain -- the security of HTTPMD is just as good as that of code signing.

- Tim
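
The digest-pinning check discussed in this thread, as an added Python sketch that is not part of the original messages and not the HTTPMD handler's own code. It assumes the URL carries its digest as a `;algorithm=hexdigest[,comment]` suffix; the host, file name, and the `parse_pinned_url` and `verify_download` helpers are hypothetical.

```python
import hashlib
import hmac

# Digest algorithms this sketch accepts; MD5 is refused, following the reply above.
ALLOWED = {"sha1": "sha1", "sha-1": "sha1", "sha256": "sha256", "sha-256": "sha256"}

class DigestMismatch(Exception):
    """Raised when downloaded bytes do not match the pinned digest."""

def parse_pinned_url(url):
    """Split 'httpmd://host/path;alg=hex[,comment]' into (http_url, alg, hex)."""
    scheme, sep, rest = url.partition("://")
    if scheme.lower() != "httpmd" or not sep:
        raise ValueError("not an httpmd URL")
    location, semi, param = rest.rpartition(";")
    if not semi or "=" not in param:
        raise ValueError("missing ;algorithm=digest suffix")
    alg, _, value = param.partition("=")
    digest = value.split(",", 1)[0].lower()  # drop the optional trailing comment
    alg = ALLOWED.get(alg.lower())
    if alg is None:
        raise ValueError("digest algorithm not accepted")
    expected_len = hashlib.new(alg).digest_size * 2
    if len(digest) != expected_len or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("malformed digest")
    return "http://" + location, alg, digest

def verify_download(url, content):
    """Return content only if it hashes to the digest pinned in url."""
    _, alg, expected = parse_pinned_url(url)
    actual = hashlib.new(alg, content).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise DigestMismatch(f"{alg} mismatch: got {actual}")
    return content

# Constructed sample: stand-in jar bytes and a URL pinning their SHA-256.
JAR = b"PK\x03\x04 constructed stand-in for service-dl.jar"
URL = ("httpmd://codebase.example:8080/service-dl.jar;sha-256="
       + hashlib.sha256(JAR).hexdigest() + ",v1")

if __name__ == "__main__":
    print(len(verify_download(URL, JAR)), "bytes verified")
    try:
        verify_download(URL, JAR + b"tampered")
    except DigestMismatch as exc:
        print("rejected:", exc)
```

The check is only as trustworthy as the channel that delivered the URL, since the digest inside it is the sole anchor for what the jar is supposed to contain.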
