On Wed, May 23, 2012 at 06:40:28PM +0200, Stephan Beal wrote:
> On Wed, May 23, 2012 at 6:35 PM, Lluís Batlle i Rossell <vi...@viric.name> wrote:
> 
> > But what would you sign? The original tree? Comment updates? Tags? Dates?
> > All until some point? What on later changes to the checkin?
> 
> 
> This is possibly a very naive question (i know painfully little about
> cryptography), but can a signature not simply be applied (non-invasively)
> to any given artifact ID, and then be compared later to the current
> contents of the referenced artifact? i.e. the signing being separate from
> (but dependent on) the artifact table data? This implies that the contents
> could still be tampered with, and could be used by the client, and that
> tampering would/could be revealed if the keys associated with the artifact
> are checked and fail to compare (logically an extra step, but i assume it
> would/could be integrated into the checkout process).

That's what I proposed, signing *groups of* artifact IDs (and storing the
signatures in artifacts IDs apart).

But how to choose the artifacts in the group? How to determine easily the group
of artifacts someone wants to sign? This is more an interface question.

And then, what to do when a checkin final view (comments, tags, ...) has part of
artifacts signed, and part not?

Monotone has very clear rules about what to do with signatures, partial
signatures regarding checkins, etc. It's all modeled around that. I'd like
something, even if not that integrated into the usage, acceptable in fossil in
terms of trust.

Even the git style of signing a tag is quite good and simple at once, and for
the limits of git, it's very specific on what it signs. Fossil has much broader
information to sign or trust, even for every checkin.

Regards,
Lluís.
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
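
Added example (not part of the original message and not Fossil code): a sketch of the detached scheme discussed in this message, signing a group of artifact IDs and later auditing a checkin's final view for signed, unsigned and tampered artifacts. Assumptions: artifact IDs are SHA-1 hashes of the content, HMAC-SHA256 stands in for a real public-key signature, and all function names and sample data are constructed for illustration.

```python
import hashlib
import hmac
import json

def artifact_id(content: bytes) -> str:
    # Assumption: an artifact ID is the SHA-1 hex digest of the artifact content.
    return hashlib.sha1(content).hexdigest()

def _payload(signer: str, ids) -> bytes:
    # Canonical encoding so signer and verifier hash identical bytes.
    return json.dumps({"signer": signer, "ids": sorted(set(ids))}, sort_keys=True).encode()

def sign_group(key: bytes, ids, signer: str) -> dict:
    # Detached record: it names artifact IDs and is stored apart from them.
    sig = hmac.new(key, _payload(signer, ids), hashlib.sha256).hexdigest()
    return {"signer": signer, "ids": sorted(set(ids)), "sig": sig}

def verify_group(key: bytes, record: dict) -> bool:
    expected = hmac.new(key, _payload(record["signer"], record["ids"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["sig"])

def audit_checkin(key: bytes, store: dict, view_ids, records) -> dict:
    """Classify every artifact in a checkin's final view."""
    covered = set()
    for rec in records:
        if verify_group(key, rec):      # ignore records whose signature fails
            covered.update(rec["ids"])
    report = {}
    for aid in view_ids:
        content = store.get(aid)
        if content is None or artifact_id(content) != aid:
            report[aid] = "tampered"    # stored content no longer matches its ID
        elif aid in covered:
            report[aid] = "signed"
        else:
            report[aid] = "unsigned"    # part of the view, but nobody signed it
    return report

def demo():
    key = b"constructed-demo-key"
    # Constructed artifacts: a checkin manifest, a later comment edit, and a tag.
    blobs = (b"manifest: src/main.c", b"comment: fix typo", b"tag: release-1.0")
    m_id, c_id, t_id = (artifact_id(b) for b in blobs)
    store = dict(zip((m_id, c_id, t_id), blobs))
    records = [sign_group(key, [m_id, t_id], "alice")]  # comment edit left unsigned
    store[t_id] = b"tag: something-else"                # content changed after signing
    return audit_checkin(key, store, [m_id, c_id, t_id], records), (m_id, c_id, t_id)

if __name__ == "__main__":
    print(demo()[0])
```

The "unsigned" result is the partially signed case raised above: the audit can report it, but what to do with it remains a policy decision.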
