couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Candler <B.Cand...@pobox.com>
Subject Re: Proposal for digital signatures of documents
Date Tue, 14 Apr 2009 09:12:41 GMT
On Mon, Apr 13, 2009 at 11:53:05AM +1000, Mark Hammond wrote:
> Would it be possible to just list the field names rather than forcing  
> another object into the mix?
...
>       {
>         "_id" : "89a7stdg235",
>         "_rev" : "1-26476513",
>         "signed-fields: [ "message", "date", "author"]

I can see scope for document tampering, unless signed-fields is itself
(unconditionally) signed.

How useful is it in practice to sign part of a document? This sounds very
application-specific to me, and something that couchdb itself should not
concern itself with. Applications can still attach these partial signatures,
and validate them. If you want couchdb to honour them (e.g. in replication
or in view building), then there will have to be policies as to which fields
require signatures.

This might be a good application for a more "modular" couchdb though - e.g.
if it were easier to plug into the existing view engine to apply such
policies.

Mime
View raw message