river-dev mailing list archives

From Sim IJskes - QCG <...@qcg.nl>
Subject Re: Towards Internet Jini Services (trust)
Date Tue, 12 Oct 2010 13:07:07 GMT
On 10/12/2010 02:57 PM, Michal Kleczek wrote:
>> No you don't. You can delegate it to the IntegrityVerifier. This is the
>> place where you should check the integrity. You will have enough
>> information there (coded in the codebase parameter), to load the code,
>> check endpoints (dns name, ip address, TLS) if wanted, check signatures,
>> certificates, checksums.
>
> Right - but it looks to me we're turning circles right now. Maybe I just don't
> understand what you're saying so let me describe a scenario that I would like
> to support:
> 1. Prerequisite - you and I are logged in to the same Kerberos realm and I
> know your kerberos principal
> 2. I got a piece of data - a marshalled object
> 3. Before I deserialize an object I want to make sure the codebase of the
> object I got is the one you wanted it to be (regardless of the contents of the
> jar file I will download later - I'm going to check its integrity later on)

My take on this is that we should lower the prerequisite, and still
have a robust implementation. We are talking about the internet, are we?
How many of us share a Kerberos realm?

I don't like the idea that we allow full deserialization before we have
had a chance to let the IntegrityVerifier have a look at it. And if you
want to fix that, you've created a snake biting its own arse. And we
won't have that, do we?

Gr. Sim

