Re: [fossil-users] Digital signatures on check-ins. Was: tangent vs. wyoung on recent commti

[Jungle Boogie]

On Fri 22 Dec 2017  6:13 AM, Warren Young wrote:
> On Dec 21, 2017, at 4:57 PM, jungle Boogie  wrote:
> > 
> > On 21 December 2017 at 15:03, Warren Young  wrote:
> >> On Dec 21, 2017, at 2:58 PM, jungle Boogie  wrote:
> >>> perhaps left of the username.
> >> 
> >> I think right, simply because it’s currently ordered most-clicked to 
> >> least-clicked, more or less.
> >> 
> > 
> > In between the username and date/time or right of date/time?
> 
> I was thinking far right, after the tag in the Modern view.  I sometimes 
> click on the checkin ID, I almost never click on the user name, and when I 
> click on a tag, it’s generally from some other view than the Timeline.  

Oh, I was thinking in the overview section of a commit, left of the
username:
http://www4.fossil-scm.org/info/8a53d4016ee960ab

Shift what's there down a bit to have the icon line up with the other
records above and below.

With what you said, I do think that placement is nice.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Digital signatures on check-ins. Was: tangent vs. wyoung on recent commti

[Warren Young]

On Dec 21, 2017, at 4:57 PM, jungle Boogie  wrote:
> 
> On 21 December 2017 at 15:03, Warren Young  wrote:
>> On Dec 21, 2017, at 2:58 PM, jungle Boogie  wrote:
>>> perhaps left of the username.
>> 
>> I think right, simply because it’s currently ordered most-clicked to 
>> least-clicked, more or less.
>> 
> 
> In between the username and date/time or right of date/time?

I was thinking far right, after the tag in the Modern view.  I sometimes click 
on the checkin ID, I almost never click on the user name, and when I click on a 
tag, it’s generally from some other view than the Timeline.  

I’m predicting that these icons will be even less-often clicked.  You’ll want 
to see them far more often than you’ll want to poke into the details behind 
them.

A detail view could occasionally be useful for roughly the same sorts of 
reasons that you occasionally want to look at some site’s TLS cert in a browser.


New thought: Don’t bother making it configurable to hide these icons.  That can 
be done at the skin level:

svg.signState {
   display: none;
}

That doesn’t just make the icon invisible, it takes no space, so you don’t 
leave an icon-sized gap in the page layout.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Digital signatures on check-ins. Was: tangent vs. wyoung on recent commti

[Warren Young]

On Dec 21, 2017, at 4:03 PM, Warren Young  wrote:
> 
> I’d recommend designing three distinct black-filled SVG icons

Another idea: Unicode may have characters you can use as icons.

   Lock:  http://www.fileformat.info/info/unicode/char/1f512/
   Open:  http://www.fileformat.info/info/unicode/char/1f513/
   Roger: http://www.fileformat.info/info/unicode/char/2620/

That then requires that you’ve got local fonts that include these characters, 
of course.

SVG could at least be embedded into the HTML, or into CSS via a 
content:url(“data:…”) reference:

   https://css-tricks.com/css-content/
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Digital signatures on check-ins. Was: tangent vs. wyoung on recent commti

[Andy Bradford]

Thus said Richard Hipp on Thu, 21 Dec 2017 16:46:05 -0500:

> Suppose Fossil were enhanced to show an icon beside each check-in that
> indicated whether or not the check-in  had been signed and whether the
> signature had been verified.

Regarding such an enhancement, would  it involve configuring an external
tool that  is passed  the content  (perhaps on  stdin) and  then returns
success/fail/whatever semantics  Fossil defines? If  so, I can  see this
being quite  useful to integrate  with any kind of  content verification
system, and not just PGP. One could write a wrapper around gpg, signify,
openssl, or even submit it to a virus scanner if they wanted, and Fossil
could report the the ``verification'' of it.

Andy
-- 
TAI64 timestamp: 40005a3c8ffe


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Digital signatures on check-ins. Was: tangent vs. wyoung on recent commti

[jungle Boogie]

On 21 December 2017 at 15:03, Warren Young  wrote:
> On Dec 21, 2017, at 2:58 PM, jungle Boogie  wrote:
>>
>> 3) Small green lock, like you see in your browser for https
>> 2) Unlocked & red
>> 1) Locked, but grey
>
> That’s going to make the red-green color blind unhappy:
>
>
> https://en.wikipedia.org/wiki/Color_blindness#Red%E2%80%93green_color_blindness
>

You're right, I wasn't taking that into account.

>>>  And where would they be placed?  Beside the username?
>
> Works for me.
>
>> I think that's a good starting point, perhaps left of the username.
>
> I think right, simply because it’s currently ordered most-clicked to 
> least-clicked, more or less.
>

In between the username and date/time or right of date/time?

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Digital signatures on check-ins. Was: tangent vs. wyoung on recent commti

[Warren Young]

On Dec 21, 2017, at 2:58 PM, jungle Boogie  wrote:
> 
> 3) Small green lock, like you see in your browser for https
> 2) Unlocked & red
> 1) Locked, but grey

That’s going to make the red-green color blind unhappy:

   
https://en.wikipedia.org/wiki/Color_blindness#Red%E2%80%93green_color_blindness

There are browser plugins to simulate the various forms of color blindness.  
It’s fascinating to play with them for a while.

I’d recommend designing three distinct black-filled SVG icons, then style as 
follows:

1. Drop the opacity of all signedness-state icons to blend it with the 
background, giving a darker form of the skin’s BG color:

   svg.signState {
  opacity: 0.4;
   }

2. Change the inner fill color of the icons based on applied classes:

   svg.signed.inner {
  fill: deepskyblue;
   }
   svg.forged.inner {
  fill: firebrick;
   }

The unsigned state has no tint in this example, but it should still have a 
distinct CSS class so that skin authors can recolor it to suit their taste and 
accessibility requirements.

>>  And where would they be placed?  Beside the username?

Works for me.

> I think that's a good starting point, perhaps left of the username.

I think right, simply because it’s currently ordered most-clicked to 
least-clicked, more or less.

> How are the signatures verified?

There are lots and lots of ways because there is no single best answer.  Some 
ideas:

1. Add a column to the Fossil users table.  Add a text input field on Admin > 
Users accepting a GPG public key.  Also add an Admin preference for whether 
this column syncs between clones by default, which effectively controls whether 
trust is transitive.  Downside: the Fossil Admin gets to maintain yet another 
authentication system.

2. Pull from a PGP key server by email parsed from the current Contact Info 
column.  Downside: all the problems of PGP email.

3. Delegate identity to another provider via any of

   https://en.wikipedia.org/wiki/Federated_identity
   https://en.wikipedia.org/wiki/Identity_management_system

You might need a pluggable architecture so that Fossil can ship with the first 
two, but BigCorp can swap in an LDAP or RADIUS back end.  It *might* be 
sufficient to allow this to be done via Tcl, as that should give you access to 
quite a few protocol clients, and the ability to write more at need.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Digital signatures on check-ins. Was: tangent vs. wyoung on recent commti

[jungle Boogie]

On 21 December 2017 at 14:16, Richard Hipp  wrote:
> On 12/21/17, jungle Boogie  wrote:
>>
>> How are the signatures verified?
>
> Signatures are not verified, at the moment.
>
> Probably each repository would have a set of trusted public keys.
> Then as each check-in is received via push (or during a rebuild) those
> with signatures have the signatures verified using the set of trusted
> keys.  Those for which the keys are unknown get marked as signed but
> unverified.
>

Gotcha. I was assuming this was already implemented and I missed a
feature like this.

I like the idea of the repo keeping track of the keys, rather than a
key server _in this instance_. Fossil, while distributed, can work
where's there's no internet. If that's the case, keys wouldn't be
verified.

> The signatures are currently generated by running gpg in a separate
> process.  I suppose the verification step could do something similar.
>
> Hey - I suppose there is a fourth state:  (4) Forgery: The signature
> does not match.

I like SDR's response!

> --
> D. Richard Hipp
> d...@sqlite.org


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Digital signatures on check-ins. Was: tangent vs. wyoung on recent commti

[Roy Keene]

For what it's worth, I submitted a patch a while back to add S/MIME 
support to Fossil's signature scheme.  I still apply this patch to Fossil 
when I use it.  S/MIME uses PKI and is primarily used for non-repdudiation 
or encryption in email (every major email client supports it out of the 
box).  PKI is also used for HTTPS.


On Thu, 21 Dec 2017, Richard Hipp wrote:


On 12/21/17, jungle Boogie  wrote:


How are the signatures verified?


Signatures are not verified, at the moment.

Probably each repository would have a set of trusted public keys.
Then as each check-in is received via push (or during a rebuild) those
with signatures have the signatures verified using the set of trusted
keys.  Those for which the keys are unknown get marked as signed but
unverified.

The signatures are currently generated by running gpg in a separate
process.  I suppose the verification step could do something similar.

Hey - I suppose there is a fourth state:  (4) Forgery: The signature
does not match.
--
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Digital signatures on check-ins. Was: tangent vs. wyoung on recent commti

[Scott Robison]

Forged should be a skull and crossbones. I would think yellow and red
unlocked locks and green locked locks, but definitely with hover text for
those of us with faulty color perception.

On Dec 21, 2017 3:16 PM, "Richard Hipp"  wrote:

> On 12/21/17, jungle Boogie  wrote:
> >
> > How are the signatures verified?
>
> Signatures are not verified, at the moment.
>
> Probably each repository would have a set of trusted public keys.
> Then as each check-in is received via push (or during a rebuild) those
> with signatures have the signatures verified using the set of trusted
> keys.  Those for which the keys are unknown get marked as signed but
> unverified.
>
> The signatures are currently generated by running gpg in a separate
> process.  I suppose the verification step could do something similar.
>
> Hey - I suppose there is a fourth state:  (4) Forgery: The signature
> does not match.
> --
> D. Richard Hipp
> d...@sqlite.org
> ___
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Digital signatures on check-ins. Was: tangent vs. wyoung on recent commti

[Richard Hipp]

On 12/21/17, jungle Boogie  wrote:
>
> How are the signatures verified?

Signatures are not verified, at the moment.

Probably each repository would have a set of trusted public keys.
Then as each check-in is received via push (or during a rebuild) those
with signatures have the signatures verified using the set of trusted
keys.  Those for which the keys are unknown get marked as signed but
unverified.

The signatures are currently generated by running gpg in a separate
process.  I suppose the verification step could do something similar.

Hey - I suppose there is a fourth state:  (4) Forgery: The signature
does not match.
-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Digital signatures on check-ins. Was: tangent vs. wyoung on recent commti

[Zakero]

On Thu, Dec 21, 2017 at 3:58 PM, jungle Boogie 
wrote:

> On 21 December 2017 at 13:46, Richard Hipp  wrote:
> > Suppose Fossil were enhanced to show an icon beside each check-in that
> > indicated whether or not the check-in had been signed and whether the
> > signature had been verified.  Thus, there are three states:  (1)
> > unsigned, (2) signed but unverified, and (3) signed and verified.
> > What would the three icons for these three states look like?  And
> > where would they be placed?  Beside the username?
>
> 3) Small green lock, like you see in your browser for https
> 2) Unlocked & red
> 1) Locked, but grey
>
> Nice


> I would think hovering over the icon would show some text, such as
> "This commit is signed & verified".
>
> >   And where would they be placed?  Beside the username?
>
> I think that's a good starting point, perhaps left of the username.
>
> How are the signatures verified?
>

There are several Key Servers available, so it should probably be
configurable.  And if it is configurable, would there be a Key Server per
repository or a Key Server per user?  Or both?
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Digital signatures on check-ins. Was: tangent vs. wyoung on recent commti

[jungle Boogie]

On 21 December 2017 at 13:46, Richard Hipp  wrote:
> Suppose Fossil were enhanced to show an icon beside each check-in that
> indicated whether or not the check-in had been signed and whether the
> signature had been verified.  Thus, there are three states:  (1)
> unsigned, (2) signed but unverified, and (3) signed and verified.
> What would the three icons for these three states look like?  And
> where would they be placed?  Beside the username?

3) Small green lock, like you see in your browser for https
2) Unlocked & red
1) Locked, but grey

I would think hovering over the icon would show some text, such as
"This commit is signed & verified".

>   And where would they be placed?  Beside the username?

I think that's a good starting point, perhaps left of the username.

How are the signatures verified?


> --
> D. Richard Hipp
> d...@sqlite.org



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users