Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 69086 invoked from network); 14 Apr 2009 09:13:17 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 14 Apr 2009 09:13:17 -0000 Received: (qmail 20440 invoked by uid 500); 14 Apr 2009 09:13:16 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 20322 invoked by uid 500); 14 Apr 2009 09:13:16 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 20312 invoked by uid 99); 14 Apr 2009 09:13:16 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Apr 2009 09:13:16 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of b.candler@pobox.com designates 208.72.237.25 as permitted sender) Received: from [208.72.237.25] (HELO sasl.smtp.pobox.com) (208.72.237.25) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Apr 2009 09:13:07 +0000 Received: from localhost.localdomain (unknown [127.0.0.1]) by a-sasl-quonix.sasl.smtp.pobox.com (Postfix) with ESMTP id 15DDBEAF0; Tue, 14 Apr 2009 05:12:45 -0400 (EDT) Received: from mappit (unknown [80.45.95.114]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by a-sasl-quonix.sasl.smtp.pobox.com (Postfix) with ESMTPSA id B0ABBEAEF; Tue, 14 Apr 2009 05:12:43 -0400 (EDT) Received: from brian by mappit with local (Exim 4.69) (envelope-from ) id 1Lteh8-0005TM-1e; Tue, 14 Apr 2009 10:12:42 +0100 Date: Tue, 14 Apr 2009 10:12:41 +0100 From: Brian Candler To: mhammond@skippinet.com.au Cc: user@couchdb.apache.org Subject: Re: Proposal for digital signatures of documents Message-ID: <20090414091241.GA20903@uk.tiscali.com> References: <49E29B01.3040301@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <49E29B01.3040301@gmail.com> User-Agent: Mutt/1.5.17+20080114 (2008-01-14) X-Pobox-Relay-ID: 6A63CDB4-28D4-11DE-994E-DC76898A30C1-28021239!a-sasl-quonix.pobox.com X-Virus-Checked: Checked by ClamAV on apache.org On Mon, Apr 13, 2009 at 11:53:05AM +1000, Mark Hammond wrote: > Would it be possible to just list the field names rather than forcing > another object into the mix? ... > { > "_id" : "89a7stdg235", > "_rev" : "1-26476513", > "signed-fields: [ "message", "date", "author"] I can see scope for document tampering, unless signed-fields is itself (unconditionally) signed. How useful is it in practice to sign part of a document? This sounds very application-specific to me, and something that couchdb itself should not concern itself with. Applications can still attach these partial signatures, and validate them. If you want couchdb to honour them (e.g. in replication or in view building), then there will have to be policies as to which fields require signatures. This might be a good application for a more "modular" couchdb though - e.g. if it were easier to plug into the existing view engine to apply such policies.