Mikesch, you might want to look at the ideas I have for the SCAN repository regarding users and code signing. Basically, I use the DSA to generate a public key pair, and every item in the SCAN database is signed by its owner. What's missing is a certification infrastructure; I was thinking of something like the web of trust model in PGP. User keys could be certified either by other users, or (weaker) by servers which interact through the user's e-mail address. That way, you would have some kind of initial certification that a public key belongs to an e-mail address, and for many purposes, this is well enough connected to a real user. If you need more input, just mail me directly.
Hans-Martin
Hans-Martin Mosner wrote:
> Mikesch,
Haven't heard that in a while ;-)
> regarding users and code signing. Basically, I use the DSA to generate a public key pair, and every item in the SCAN database is signed by its
That's what's in the code loader, it is not enabled for the examples (the web page documenting this is "under construction").
> owner. What's missing is a certification infrastructure; I was thinking of something like the web of trust model in PGP. User keys could be certified either by other users, or (weaker) by servers which interact through the user's e-mail address. That way, you would have some kind of initial certification that a public key belongs to an e-mail address, and for many purposes, this is well enough connected to a real user.
Well, the problem is that a lot of users for the plugin would be "normal" users, so you can't ask them to even think about how the security is working. I thought about putting up key servers, with keys bound to domain names rather than e-mail addresses. If code is signed with a key that is not (yet) registered on one of the key servers, the user would be asked if he is willing to still execute the code. This is somewhat similar to the Java model, but we can't build on a single trusted source like VeriSign. Not until we have key servers at least.
Michael
squeak-dev@lists.squeakfoundation.org