Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 17568 invoked from network); 8 Mar 2009 17:48:54 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 8 Mar 2009 17:48:54 -0000 Received: (qmail 67030 invoked by uid 500); 8 Mar 2009 17:48:52 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 66985 invoked by uid 500); 8 Mar 2009 17:48:52 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 66974 invoked by uid 99); 8 Mar 2009 17:48:52 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 08 Mar 2009 10:48:52 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of jens@mooseyard.com designates 208.97.132.202 as permitted sender) Received: from [208.97.132.202] (HELO randymail-a4.g.dreamhost.com) (208.97.132.202) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 08 Mar 2009 17:48:44 +0000 Received: from [10.0.1.105] (76-191-199-100.dsl.dynamic.sonic.net [76.191.199.100]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by randymail-a4.g.dreamhost.com (Postfix) with ESMTP id CCD2C194E06 for ; Sun, 8 Mar 2009 10:48:23 -0700 (PDT) Message-Id: <3BC004F2-6BF3-43BA-94D9-FB8D4E8DEE99@mooseyard.com> From: Jens Alfke To: user@couchdb.apache.org In-Reply-To: Content-Type: text/plain; charset=WINDOWS-1252; format=flowed; delsp=yes Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Apple Message framework v930.3) Subject: Re: Proposal for digital signatures of documents Date: Sun, 8 Mar 2009 10:48:22 -0700 References: <283A6EDD-6701-4A6A-88AE-8B97E6D11D9E@mooseyard.com> X-Mailer: Apple Mail (2.930.3) X-Virus-Checked: Checked by ClamAV on apache.org On Mar 8, 2009, at 10:14 AM, Chris Anderson wrote: > I think you'll want to add to the signature field, a list of the > signed fields. This way _rev can change freely, and intermediate users > can add new fields, without breaking the signature. That would be one way to do it. Another is to apply the signature not =20= to the top-level document itself but to an object nested inside it. =20 The nice thing about this signature schema is that it has a very =20 flexible topology, so you can sign pieces of objects, have multiple =20 signed pieces in an object, etc. > There are reliable JS md5 and sha1 libs. Will that get you there? No, unfortunately. Verifying a signature requires re-running the =20 public-key algorithm over the message digest. So this would require an =20= implementation of RSA or the equivalent. (RSA is ubiquitous but getting old; apparently elliptic-key systems =20 are gaining favor because they provide more security per bit of key =20 length. I don't know whether they're any less compute-intensive than =20 RSA. I'll do some research and try to find JS impls of any of these.) =97Jens=