incubator-couchdb-user mailing list archives

From J Chris Anderson <jch...@apache.org>
Subject Re: What are the contents of userCtx in validators ?
Date Sat, 21 Aug 2010 05:22:51 GMT

On Aug 20, 2010, at 9:31 PM, sgoto wrote:
>> 
>> Hard part is getting something to sign. I have started this project here:
>> 
>> http://github.com/jchris/canonical-json
>> 
>> 
> this is a very interesting library @jchris. i'm not sure a canonical
> representation of a json is absolutely necessary, if you are signing binary
> base64 data for example.
> 
> i am interested in having authentication and authorization to be done with
> PGP/GPG certificates (to make sure replication works with untrusted nodes).

in my mental model of this, you'd not need login or the userCtx to be PGP aware. You'd simply
have a validation function that ensures that the document is well formed (eg that the signature
matches the content).

it would be up to the human to decide if they trust the public key, and there could be some
application level tools to help verify trustworthiness. (eg, 5 of my friends have signed documents
that say they trust this key).

> how far have you gotten with parsing/extracting/verifying PGP certificates
> (you seem to be using the same library i am to parse/extract/verify PGP
> certificates

I haven't made any progress since then (haven't really worked on it). I think in order for
JSON-signing to become useful we'd want to follow the RFC-track, so that we get interoperable
implementations across platforms.

Chris

> http://github.com/jchris/canonical-json/tree/master/www.hanewin.net/) ?
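
An added illustration of the check discussed in this message (not code from the thread or from the canonical-json project): a document is serialized deterministically, signed, and verified in a function shaped like a CouchDB validator. Assumptions: Ed25519 from Node's crypto module stands in for PGP, the sorted-key serializer is a simplified stand-in for a canonical JSON form, and the names `signature`, `signer` and `trustedKeys` are hypothetical.

```javascript
// Added example; runs under Node.js, not inside CouchDB's validator sandbox.
const nodeCrypto = require('node:crypto');
// Deterministic serialization: sorted object keys, no whitespace.
// Simplified stand-in, not the canonical-json project's algorithm.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    const keys = Object.keys(value).sort();
    return '{' + keys.map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value); // string, number, boolean or null
}

// Bytes the signature covers. Assumption: `signature` holds the signature and
// `_rev` is left out because CouchDB assigns a new one on every write.
function signedBytes(doc) {
  const { signature, _rev, ...body } = doc;
  return Buffer.from(canonicalize(body), 'utf8');
}

function signDoc(doc, signer, privateKey) {
  const value = nodeCrypto.sign(null, signedBytes(doc), privateKey).toString('base64');
  return { ...doc, signature: { signer, value } };
}

// Shaped like a validate_doc_update check: rejects by throwing {forbidden: ...}.
// trustedKeys (hypothetical) maps signer id -> public key the user chose to trust.
function requireValidSignature(newDoc, trustedKeys) {
  const sig = newDoc.signature;
  const key = sig ? trustedKeys.get(sig.signer) : undefined;
  if (!key || typeof sig.value !== 'string') {
    throw { forbidden: 'missing signature or untrusted signer' };
  }
  if (!nodeCrypto.verify(null, signedBytes(newDoc), key, Buffer.from(sig.value, 'base64'))) {
    throw { forbidden: 'signature does not match content' };
  }
  return true;
}

// Constructed sample data: one signer, one document and two variants of it.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const trusted = new Map([['alice', publicKey]]);
const signed = signDoc({ _id: 'note-1', title: 'hello', tags: ['a', 'b'] }, 'alice', privateKey);
const reordered = { tags: ['a', 'b'], signature: signed.signature, title: 'hello', _id: 'note-1' };
const tampered = { ...signed, title: 'hello!' };
function check(doc) {
  try { return requireValidSignature(doc, trusted); } catch (e) { return e.forbidden; }
}
console.log(check(signed), check(reordered), check(tampered));
```

The reordered copy still verifies because both sides sign the canonical bytes rather than whatever byte order a particular JSON encoder happened to produce.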

