Martin,
Thanks for your note. Unfortunately, it left me with more questions than
with answers. Some questions include:
* What use cases are you trying to support?
* What threats obstruct supporting those use cases?
* What trust structure are you trying to create and how does it
mitigate the threats while permitting the use cases?
* What algorithms are you going to use and why?
* What security properties are you trying to check?
(Perhaps you've already answered some of these basic questions elsewhere
and you simply left out the citation?)
Two other comments:
If you want to go the route of 'signed content lives in directories',
then please examine the programs in olpc-contents
http://wiki.laptop.org/go/Olpc-contents
and let us know in what way they can be improved before writing your
own.
If you're more interested 'signed content lives in archives', then
JAR-signing might be for you!
Regards,
Michael
P.S. - In the future, please consider CC'ing the security@ list when you
write security-related mail. Interesting people live there.
_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel
