incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jens Alfke <j...@mooseyard.com>
Subject Proposal for digital signatures of documents
Date Sun, 08 Mar 2009 08:49:21 GMT
I've written a proposal of a schema for digitally signing CouchDB  
documents:

	http://wiki.apache.org/couchdb/SignedDocuments

Essentially, you add a nested object to the JSON that contains the  
signature data, the document digest, and the public key identifying  
the signer. This is a direct translation from the original YAML of a  
schema I designed & implemented a year ago for an application I was  
working on. The underlying ideas come from the earlier "key-centric  
identity" systems SDSI and SPKI.

I think something like this would be nearly mandatory in a fully- 
distributed usage of CouchDB, a network of nodes that cannot all trust  
each other. The only way to trust the documents being replicated  
through the system is for each document to independently assert its  
creator and its integrity. That's what signatures give you.

I don't think this would require any changes to CouchDB itself. But  
most uses of it would require verifying signatures in document  
validation functions; this requires doing some serious crypto (like  
RSA encoding), and I don't know if there is any reliable and  
performant JavaScript implementation of that.

Comments and suggestions welcome, of course :)

—Jens
Mime
View raw message