couchdb-user mailing list archives

From Mark Hammond <skippy.hamm...@gmail.com>
Subject Re: Proposal for digital signatures of documents
Date Tue, 14 Apr 2009 10:15:11 GMT

On 14/04/2009 7:12 PM, Brian Candler wrote:
> On Mon, Apr 13, 2009 at 11:53:05AM +1000, Mark Hammond wrote:
>> Would it be possible to just list the field names rather than forcing
>> another object into the mix?
> ...
>>        {
>>          "_id" : "89a7stdg235",
>>          "_rev" : "1-26476513",
>>          "signed-fields": [ "message", "date", "author"]
>
> I can see scope for document tampering, unless signed-fields is itself
> (unconditionally) signed.

Yeah - I can see that the list of fields must form part of the signature.

> How useful is it in practice to sign part of a document? This sounds very
> application-specific to me, and something that couchdb itself should not
> concern itself with.

I can see a use-case for a signed message, but an application needing to 
change one or 2 application-specific fields without invalidating the 
signature (e.g., it might want to record the date the signed document was
added to the couch, or some other 'state').  There are probably 
alternative models people could use in this case, but if we can keep 
things simple for people, all the better.

So while I agree each application's requirements will be different in
some way, I can see it being helpful to many applications to allow only 
a subset of the fields to be signed.

I hate to bring up signed blobs too - so some consideration probably 
needs to be given to attachments...

Cheers,

Mark
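
The point agreed in this exchange, that the `signed-fields` list has to be covered by the signature itself, as an added example that is not code from the thread or from CouchDB. HMAC-SHA256 stands in for the digital signature primitive so the block runs on the standard library alone; the `signature` field, the `sign`/`verify` helpers, the `required` policy argument, the key and the field values are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret


def _payload(doc, fields):
    # Canonical bytes covering BOTH the field list and the listed values,
    # so the list cannot be shortened or extended after signing.
    blob = {"signed-fields": list(fields),
            "values": {name: doc[name] for name in fields}}
    return json.dumps(blob, sort_keys=True, separators=(",", ":")).encode()


def sign(doc, fields, key=KEY):
    # Returns a copy of doc carrying the field list and a MAC over it.
    signed = dict(doc)
    signed["signed-fields"] = list(fields)
    signed["signature"] = hmac.new(
        key, _payload(doc, fields), hashlib.sha256).hexdigest()
    return signed


def verify(doc, key=KEY, required=()):
    fields, sig = doc.get("signed-fields"), doc.get("signature")
    if not isinstance(fields, list) or not isinstance(sig, str):
        return False
    if not all(isinstance(name, str) and name in doc for name in fields):
        return False
    # Application policy (assumption): fields the verifier insists are covered.
    if any(name not in fields for name in required):
        return False
    expected = hmac.new(key, _payload(doc, fields), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), sig.encode())


if __name__ == "__main__":
    # Constructed sample document using the field names from the thread.
    doc = {"_id": "89a7stdg235", "_rev": "1-26476513",
           "message": "hello", "date": "2009-04-14", "author": "mark"}
    signed = sign(doc, ["message", "date", "author"])
    signed["state"] = "archived"          # unsigned field: still verifies
    print("after unsigned change:", verify(signed))
    signed["author"] = "someone-else"     # signed field changed
    signed["signed-fields"] = ["message", "date"]  # and dropped from the list
    print("after tampering:", verify(signed))
```

Unsigned fields such as a stored-at date or `_rev` can change freely, while editing a signed field or the list itself makes verification fail.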
