On 14/04/2009 7:12 PM, Brian Candler wrote:
On Mon, Apr 13, 2009 at 11:53:05AM +1000, Mark Hammond wrote:
Would it be possible to just list the field names rather than forcing
another object into the mix?
...
{
"_id" : "89a7stdg235",
"_rev" : "1-26476513",
"signed-fields": [ "message", "date", "author" ]
I can see scope for document tampering, unless signed-fields is itself
(unconditionally) signed.
Yeah - I can see that the list of fields must form part of the signature.
How useful is it in practice to sign part of a document? This sounds very
application-specific to me, and something that couchdb itself should not
concern itself with.
I can see a use-case for a signed message, but an application needing to
change one or 2 application-specific fields without invalidating the
signature (e.g., it might want to record the date the signed document was
added to the couch, or some other 'state'). There are probably
alternative models people could use in this case, but if we can keep
things simple for people, all the better.
So while I agree each application's requirements will be different in
some way, I can see it being helpful to many applications to allow only
a subset of the fields to be signed.
I hate to bring up signed blobs too - so some consideration probably
needs to be given to attachments...
Cheers,
Mark
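
The point agreed in the thread, that the `signed-fields` list must itself be covered by the signature, shown as an added example that is not part of the original message or of CouchDB. HMAC-SHA256 with a shared key stands in for the unspecified signature scheme, and the `signature` field name and the document values other than `_id` and `_rev` are assumptions constructed for the demo.

```python
import hashlib
import hmac
import json

FIELD_LIST = "signed-fields"  # field name from the thread
SIG_FIELD = "signature"       # assumed field name, not from the thread


def _payload(doc):
    """Canonical bytes over the field list itself plus every field it names."""
    names = doc[FIELD_LIST]
    if not isinstance(names, list) or not all(isinstance(n, str) for n in names):
        raise ValueError("signed-fields must be a list of strings")
    covered = {"fields": names, "values": {n: doc[n] for n in names}}
    return json.dumps(covered, sort_keys=True, separators=(",", ":")).encode()


def _mac(doc, key):
    # HMAC-SHA256 is an assumed stand-in for the signature scheme.
    return hmac.new(key, _payload(doc), hashlib.sha256).hexdigest()


def sign(doc, key):
    return dict(doc, **{SIG_FIELD: _mac(doc, key)})


def verify(doc, key):
    try:
        expected = _mac(doc, key)
        return hmac.compare_digest(str(doc.get(SIG_FIELD)).encode(), expected.encode())
    except (KeyError, TypeError, ValueError):
        return False  # list missing or malformed, or a listed field is absent


def demo():
    key = b"constructed-demo-key"
    doc = sign({"_id": "89a7stdg235", "_rev": "1-26476513",
                "message": "hello", "date": "2009-04-14", "author": "mark",
                FIELD_LIST: ["message", "date", "author"]}, key)  # constructed values
    relisted = dict(doc, author="mallory", **{FIELD_LIST: ["message", "date"]})
    return {
        "intact": verify(doc, key),
        "unsigned 'state' field added": verify(dict(doc, state="received"), key),
        "signed field edited": verify(dict(doc, message="bye"), key),
        "author dropped from list, then edited": verify(relisted, key),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'INVALID'}")
```

Because the list is part of the signed payload, removing `author` from it changes the bytes being verified, while the application-added `state` field leaves the signature valid.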