[Go-essp-tech] Question on P2P and signing of registry docs

Gavin M. Bell gavin at llnl.gov
Thu Jun 2 10:58:42 MDT 2011


 Indeed,

Okay... so interested parties should 'sit down' and hash this out (pun
intended) :-).
If you think XMLSec is the way to go, and you have documentation that
you feel would be particularly helpful to getting up to speed on it,
please send it out.

And of course we want to *keep it simple*, whatever we do.

P.S.
Now that we are going to be in crypto land, we need to simultaneously
get the ball rolling on any export issues so by the time we are done
implementing the legal eagles have sorted that stuff out as well so we
don't get stymied later.


On 6/2/11 2:18 AM, philip.kershaw at stfc.ac.uk wrote:
> However, this p2p scenario inevitably brings into play the need for
> digital signature.  The key issue is that when I pass a registry document
> to another peer I assert information about myself but also information
> about other peers too.
>
> So, we all trust each other so what's the problem?  Imagine a node is
> compromised and then look at the consequences.
>
> 1) Without signature.  I with the compromised cert can modify my own
> registry doc but I can also assert any rubbish I like about anyone else's
> 2) With signature.  I can modify my own registry entry but much as I might
> want to, I can't modify anything about anyone else's because they're all
> signed.

-- 
Gavin M. Bell
Lawrence Livermore National Labs
--

 "Never mistake a clear view for a short distance."
       	       -Paul Saffo

(GPG Key - http://rainbow.llnl.gov/dist/keys/gavin.asc)

 A796 CE39 9C31 68A4 52A7  1F6B 66B7 B250 21D5 6D3E
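
The two cases in the quoted message, as an added example that is not part of the original thread or the project's code: each peer signs only its own registry entry, and a receiver checks every entry against that peer's public key. It assumes public keys are distributed out of band, uses hypothetical peer names and endpoints, and swaps in a standard-library Lamport one-time signature in place of XMLSec so that it runs without dependencies.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 pairs of secrets; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit. Each key must sign one message only.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def canon(body):
    # Canonical bytes so signer and verifier hash the same serialization.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def make_entry(peer, sk, endpoint):
    body = {"peer": peer, "endpoint": endpoint}
    return {"body": body, "sig": sign(sk, canon(body))}

def check_registry(doc, trusted):
    # An entry is accepted only if signed by the peer it claims to describe.
    return {peer: peer in trusted and e["body"].get("peer") == peer
            and verify(trusted[peer], canon(e["body"]), e["sig"])
            for peer, e in doc.items()}

def demo():
    # Constructed sample: two hypothetical peers, keys known to every receiver.
    keys = {p: keygen() for p in ("node-a", "node-b")}
    trusted = {p: pk for p, (_, pk) in keys.items()}
    doc = {p: make_entry(p, keys[p][0], f"https://{p}.example/registry")
           for p in keys}
    before = check_registry(doc, trusted)
    # node-b is compromised: it relays the document with node-a's entry changed.
    doc["node-a"]["body"]["endpoint"] = "https://rogue.example/registry"
    return before, check_registry(doc, trusted)

if __name__ == "__main__":
    print(demo())
```

The receiver still accepts node-b's own entry, whatever it says, but rejects the altered node-a entry because node-b cannot produce node-a's signature.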
