Return-Path: 
 <user-return-21458-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
X-Original-To: apmail-couchdb-user-archive@www.apache.org
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id AF8C0C0B8
	for <apmail-couchdb-user-archive@www.apache.org>;
 Thu,  5 Jul 2012 15:48:34 +0000 (UTC)
Received: (qmail 12786 invoked by uid 500); 5 Jul 2012 15:48:33 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 12732 invoked by uid 500); 5 Jul 2012 15:48:33 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 12724 invoked by uid 99); 5 Jul 2012 15:48:33 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Jul 2012 15:48:33 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=5.0
	tests=RCVD_IN_DNSWL_NONE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of jens@couchbase.com designates
 206.225.164.30 as permitted sender)
Received: from [206.225.164.30] (HELO EXHUB020-3.exch020.serverdata.net)
 (206.225.164.30)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Jul 2012 15:48:25 +0000
Received: from EXVMBX020-1.exch020.serverdata.net ([169.254.4.9]) by
 EXHUB020-3.exch020.serverdata.net ([206.225.164.30]) with mapi; Thu, 5 Jul
 2012 08:48:03 -0700
From: Jens Alfke <jens@couchbase.com>
To: "user@couchdb.apache.org" <user@couchdb.apache.org>
Date: Thu, 5 Jul 2012 08:48:05 -0700
Subject: Re: Cryptograhically signed docs...
Thread-Topic: Cryptograhically signed docs...
Thread-Index: Ac1axY93/PxeLuNfR2OXPw1TIbc4xQ==
Message-ID: <EFAE6E83-6EDA-4EAD-B3E2-0E1A809E4AFD@couchbase.com>
References: 
 <CAMc++1U53sht7v24j+ktQyNe=e2cDTkCsdsX3Bm-KY-0rLR=Eg@mail.gmail.com>
 <79061073-7E58-4CBC-9DC1-8A98C6811796@sri.com>
 <0848BFC4-1340-4FF9-A04D-EE6D205A90A0@couchbase.com>
 <CAMc++1VzimcH8sFzYunE2PSANz_8+4ufzv0H0HQoCYRUQpq2oQ@mail.gmail.com>
 <CAKrvCPiuq9DAe_rHVeKW4c2iOe7snopuyJxJFOEexK8pV+o22w@mail.gmail.com>
 <CAMc++1VB-gNi=byzW_1to_EjWmZ4hvKmKC7-jAvupjSu7MQEsg@mail.gmail.com>
 <CAGUGYeiwmNwZ-wYrGOXB7Qym8yE+B-uSqKQyc83hC6qM_jsrCQ@mail.gmail.com>
 <-3046869085809654149@unknownmsgid>
 <A27A23F4B074415BA75CAA7B692F9189@cloudant.com>
 <CAGUGYeiWwoaCoJe7N=qdrUA_p3z2T_qB0HQhnAb66R4n7jJG=g@mail.gmail.com>
 <CAKrvCPjhywT-s30whnsYjPk6bnunhvaYbzSPE0UiGMTMhaPJMg@mail.gmail.com>
 <4FF4A4F8.70809@gmail.com>
 <CAKrvCPhzU+W9AgtpNES5GatTc1+7UjAqxxjGRZui40QcWUE5Pw@mail.gmail.com>
In-Reply-To: 
 <CAKrvCPhzU+W9AgtpNES5GatTc1+7UjAqxxjGRZui40QcWUE5Pw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0


On Jul 4, 2012, at 1:21 PM, Jan Bot wrote:

> But if you don't know the user who signed the document, how are you going
> to select the proper key to test against? Would the user specify which ke=
y
> he used to sign a doc?

Generally you put the public key itself (possibly wrapped in a certificate)=
 into the document along with the signature.

Note that with signed documents, it becomes almost unimportant who the uplo=
ader of the document is. If someone PUTs a signed document to your database=
, its author is the principal who originally signed it; it doesn't matter w=
ho uploaded it. It could be uploaded anonymously and the system wouldn't ne=
cessarily lose any security. (This is very useful when designing P2P system=
s where documents might get routed/replicated to you via someone who's near=
by but not necessarily trusted.)

=97Jens=