Kev Jackson wrote:

Here are my current plans
-pull the declaration of <verifyjar>, tests, etc.
-I'd leave the code over in optional, always excluded, with a "here is why this is broken" comment. Its aim is to warn off others.
-Not attempt to use jar signing as a way of verifying JAR downloads in <libraries>; this was my plan.


Could you load the classes in a secure loader and then try various methods - pulled out through reflection? Presumably you'd get an exception if you tried to execute a method in a secure environment when the class wasn't signed?

unless there was some other reason for it failing; side effects, etc, etc.

Failing that, is there anything in the bytecode? Just read the correct segment of the class to discover if it's signed. How else would the VM know if the jar was signed without checking the classes?

Yes, you can reverify by hand. I just didn't want to go to the effort of writing the stuff. Oh, and the classes to help you are all com.sun stuff that moves around; not part of the public Java API, so can't be used.

Jar downloads could be verified by checksum though. Although the MD5 and SHA1 have been shown to be susceptible to brute-force attacks.

md5 is doomed; it is only a matter of (short) time. SHA1 is still secure against a motivated government. Which is good, as that is what jar signing uses.


We'll have to use SHA1 with <libraries>. Currently the maven repository has .md5 files, but since the md5 files aren't signed in any way, there is no way to detect the subversion of both the md5 and the binary itself.

what you need is
-remote fetch of checksums from a trusted HTTPS site
or
-proper signature files, not just checksum files, with the signatory trusted


This leads to another problem, which is we'll need to have the public cert of apache included in a certificates file in Ant, and make sure that the ant distros (both standalone and embedded) don't get subverted.
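As an added example, not code from this thread or from Ant, the per-entry check discussed above (is every class in the jar signed, and by whom?) can be done with only the public java.util.jar API, Java 5 or later for CodeSigner: each entry's digest is verified as it is read, and each entry's signer certificate is compared against a trusted certificate loaded from a PEM file whose path is an assumption.

```java
import java.io.*;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarSignatureCheck {
    // Manifest and signature files are not themselves covered by the signature.
    private static boolean isSignatureMetadata(String name) {
        String n = name.toUpperCase();
        return n.equals("META-INF/MANIFEST.MF") || (n.startsWith("META-INF/")
            && (n.endsWith(".SF") || n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC")));
    }

    // True only if every content entry is signed by the trusted certificate.
    // A tampered entry makes JarFile throw SecurityException while it is read.
    public static boolean allEntriesSignedBy(File jar, Certificate trusted) throws IOException {
        JarFile jf = new JarFile(jar, true);   // verify = true: digests checked on read
        try {
            byte[] buf = new byte[8192];
            for (Enumeration<JarEntry> en = jf.entries(); en.hasMoreElements();) {
                JarEntry e = en.nextElement();
                if (e.isDirectory() || isSignatureMetadata(e.getName())) continue;
                InputStream in = jf.getInputStream(e);
                try { while (in.read(buf) != -1) { /* drain: digest verified here */ } }
                finally { in.close(); }
                CodeSigner[] signers = e.getCodeSigners(); // populated only after a full read
                if (signers == null) return false;         // unsigned entry
                boolean trustedSigner = false;
                for (CodeSigner s : signers) {
                    Certificate leaf = s.getSignerCertPath().getCertificates().get(0);
                    if (leaf.equals(trusted)) trustedSigner = true;
                }
                if (!trustedSigner) return false;
            }
            return true;
        } finally {
            jf.close();
        }
    }

    // Usage: java JarSignatureCheck lib.jar signer.pem (certificate file path is an assumption)
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate trusted = cf.generateCertificate(new FileInputStream(args[1]));
        System.out.println(allEntriesSignedBy(new File(args[0]), trusted) ? "OK" : "REJECT");
    }
}
```

Comparing the leaf certificate by value rather than by subject name means a jar signed by a different key with the same DN is rejected.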
