There is of course one limitation on using SPKI authority certificates in a jar file: it gets a little impractical for multiple entities to consume this service, it doesn't scale well, the jar file would become bloated with authority certificates for different domains.

Perhaps there might be some way instead for my friend (or a friend of a friend of a friend of mine) to sign the jar file and also provide a URI (or service with reflective proxy) where an authority certificate chain can be found with my public key? The authority certificate must be signed by my private key, so cannot be forged, and the chain must lead to the certificate used to sign the jar file.

That might scale better?

Peter.


On 18/06/2012 10:24 PM, Peter Firmstone wrote:
Until recently, I thought SPKI Certificates were only suitable for distributed user authorisation.

Quick recap: I sign an authority certificate, to be used on my system, and delegate it to a friend (creating a certificate chain), allowing my friend remote access to my computer; because my computer recognises my certificate, it's sort of like me being the Certificate Authority for my own domain. I can also allow my friend to delegate certain authorisations to his friends (by signing their cert) and so on. (I cannot limit the level of delegation, an authority certificate can either be delegated or not).

Well what if a jar file can be signed by someone whom I've delegated an authority certificate for DownloadPermission?

My computer doesn't even need to know who the other person is who's signed the jar file, all it needs is my authority certificate.

Does this let the Genie out of the bottle? Not if I sign with a secondary certificate I use for delegation, since I can revoke that certificate locally; then all the people to whom I've delegated the permission can no longer take advantage of it (except for those whose classes have already been loaded).

The authority certificates I generate are only useful in my domain.

This allows administrators and their dominions to remain separate, yet remain able to determine authorisation.

Rather simple isn't it?

The added benefit is that a ClassLoader loaded using signed jar files will be more secure as it prevents the loading of unsigned jar files into that class loader by a potential attacker.

Interestingly, if my friend grants me DownloadPermission, I can create a service with a smart proxy and my friend can use it to log into my system using authorisation certificates I've granted to access my domain.

SPKI certificates can also be given short expiry periods, issued daily or weekly by an administrator to whom I've delegated authority.

Peter.