Hans-Martin Mosner wrote:
> Mikesch,
Haven't heard that a while ;-)

> regarding users and code signing. Basically, I use the DSA to generate a
> public key pair, and every item in the SCAN database is signed by its
That's what's in the code loader, it is not enabled for the examples
(the web page documenting this is "under construction").

> owner. What' missing is a certification infrastructure; I was thinking
> of something like the web of trust model in PGP. User keys could be
> certified either by other users, or (weaker) by servers which interact
> through the user's e-mail address. That way, you would have some kind of
> initial certification that a public key belongs to an e-mail address,
> and for many purposes, this is well enough connected to a real user.

Well, the problem is, that a lot of users for the plugin would be
"normal" users, so you can't ask them to even think about how the
security is working.
I thought about putting up key servers, with keys bound to domain names
rather than e-mail addresses. If code is signed with a key that is not
(yet) registered on one of the key servers, the user would be asked if
he is willing to still execute the code. This is somewhat similar to the
Java model, but we can't build on a single trusted source like verisign.
Not until we have key servers at least.

Michael

-- 
 "To improve is to change, to be perfect is to change often." 
                                            Winston Churchill
+------------------------------------------------------------+
| Michael Rueger    m.rueger at acm.org      ++1 (310) 937 7196 |
+------------------------------------------------------------+