On Sun, Mar 8, 2009 at 12:49 AM, Jens Alfke <[email protected]> wrote:
> I've written a proposal of a schema for digitally signing CouchDB documents:
>
> http://wiki.apache.org/couchdb/SignedDocuments
>
> Essentially, you add a nested object to the JSON that contains the signature
> data, the document digest, and the public key identifying the signer. This
> is a direct translation from the original YAML of a schema I designed &
> implemented a year ago for an application I was working on. The underlying
> ideas come from the earlier "key-centric identity" systems SDSI and SPKI.

I think this is important stuff (working on a p2p messaging application
right now that will use it). It's not about trusted or untrusted nodes,
it's about validating authors of documents when you can't trace the
provenance.

I think you'll want to add to the signature field, a list of the signed
fields. This way _rev can change freely, and intermediate users can add
new fields, without breaking the signature.

> I don't think this would require any changes to CouchDB itself. But most
> uses of it would require verifying signatures in document validation
> functions; this requires doing some serious crypto (like RSA encoding), and
> I don't know if there is any reliable and performant JavaScript
> implementation of that.

There are reliable JS md5 and sha1 libs. Will that get you there?

--
Chris Anderson
http://jchris.mfdz.com
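The signed-field list suggested in the reply above, as an added example that is not part of the original message or the wiki proposal. Assumptions: the field names `signature`, `signed_fields`, `public_key` and `sig` are hypothetical, Ed25519 from Node.js's built-in `crypto` module stands in for the RSA mentioned in the thread, and the code runs under Node.js rather than inside a CouchDB validation function.

```javascript
// Added example. Hypothetical field names; runs under Node.js, not in CouchDB.
const crypto = require('node:crypto');

// Deterministic serialization: keys sorted recursively, so equal data gives equal bytes.
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map(k => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}

// Bytes covered by the signature: the field list itself plus each listed value.
// Covering the list stops anyone from shrinking or extending it afterwards.
function signedBytes(doc, fields) {
  const values = {};
  for (const f of fields) values[f] = doc[f];
  return Buffer.from(canonical({ signed_fields: fields, values }));
}

function signDoc(doc, fields, privateKey, publicKey) {
  const sig = crypto.sign(null, signedBytes(doc, fields), privateKey);
  return { ...doc, signature: {
    signed_fields: fields,
    public_key: publicKey.export({ type: 'spki', format: 'pem' }),
    sig: sig.toString('base64') } };
}

// True only if every listed field is present and the signature checks out
// against the embedded key. Whether that key is trusted is a separate decision.
function verifyDoc(doc) {
  const s = doc.signature;
  if (!s || !Array.isArray(s.signed_fields)) return false;
  const has = f => Object.prototype.hasOwnProperty.call(doc, f);
  if (!s.signed_fields.every(has)) return false;
  try {
    return crypto.verify(null, signedBytes(doc, s.signed_fields),
      crypto.createPublicKey(s.public_key), Buffer.from(s.sig, 'base64'));
  } catch (e) { return false; }
}

// Constructed sample: sign three fields, leave _rev outside the signature.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const signed = signDoc({ _id: 'msg-1', _rev: '1-abc', author: 'alice', body: 'hi' },
  ['_id', 'author', 'body'], privateKey, publicKey);
const relayed = { ...signed, _rev: '2-def', relay: 'node-7' };  // changes to unsigned fields
const tampered = { ...signed, body: 'changed' };                // change to a signed field
console.log(verifyDoc(signed), verifyDoc(relayed), verifyDoc(tampered));
```

Fields outside `signed_fields` (here `_rev` and `relay`) stay unauthenticated after verification, so a consumer should rely only on the listed fields.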
