couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Noah Slater <nsla...@apache.org>
Subject Re: Proposal for digital signatures of documents
Date Sun, 08 Mar 2009 09:07:37 GMT
On Sun, Mar 08, 2009 at 12:49:21AM -0800, Jens Alfke wrote:
> Essentially, you add a nested object to the JSON that contains the
> signature data, the document digest, and the public key identifying the
> signer. This is a direct translation from the original YAML of a schema I
> designed & implemented a year ago for an application I was working on.
> The underlying ideas come from the earlier "key-centric identity" systems
> SDSI and SPKI.
[...]
> I don't think this would require any changes to CouchDB itself. But most
> uses of it would require verifying signatures in document validation
> functions; this requires doing some serious crypto (like RSA encoding),
> and I don't know if there is any reliable and performant JavaScript
> implementation of that.

This is an interesting idea, but surely document level signing is something that
sits at the application level, not the database level. I'm not sure that I would
replicate from an untrusted node, unless I was prepared to deal with the
consequences. If I did want to make sure of the identity of the node I was
replicating with I would either tunnel over a secure connection using hosts keys
or proxy through an SSL gateway with server/client certificates and an ACL.

-- 
Noah Slater, http://tumbolia.org/nslater

Mime
View raw message