river-dev mailing list archives

From Peter Firmstone <peter.firmst...@zeus.net.au>
Subject SPKI Certificates and DownloadPermission
Date Mon, 18 Jun 2012 12:24:25 GMT
Until recently, I thought SPKI Certificates were only suitable for 
distributed user authorisation.

Quick recap: I sign an authority certificate, to be used on my system 
and delegate it to a friend (creating a certificate chain), allowing my 
friend remote access to my computer, because my computer recognises my 
certificate, it's sort of like me being the Certificate Authority for my 
own domain.  I can also allow my friend to delegate certain 
authorisations to his friends (by signing their cert) and so on.  (I 
cannot limit the level of delegation, an authority certificate can 
either be delegated or not).

Well what if a jar file can be signed by someone whom I've delegated an 
authority certificate for DownloadPermission?

My computer doesn't even need to know who the other person is who's 
signed the jar file, all it needs is my authority certificate.

Does this let the Genie out of the bottle?  Not if I sign with a 
secondary certificate I use for delegation, since I can revoke that 
certificate locally, then all the people whom I've delegated the 
permission can no longer take advantage of it (except for those whose 
classes have been already loaded).

The authority certificates I generate are only useful in my domain.

This allows administrators and their dominions to remain separate, yet 
remain able to determine authorisation.

Rather simple, isn't it?

The added benefit is that a ClassLoader loaded using signed jar files 
will be more secure as it prevents the loading of unsigned jar files 
into that class loader by a potential attacker.

Interestingly, if my friend grants me DownloadPermission, I can create a 
service with a smart proxy and my friend can use it to log into my 
system using authorisation certificates I've granted to access my domain.

SPKI certificates can also be given short expiry periods, issued daily 
or weekly by an administrator to whom I've delegated authority.
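
The delegation and local-revocation behaviour described in the message above, modelled as an added example (not part of the original message and not Apache River code). Assumptions: certificates are reduced to SPKI-style 5-tuples, keys are plain strings, signatures are taken as already verified, tag matching is simplified to equality, and all names and timestamps are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """SPKI-style 5-tuple; the signature is assumed to be already verified."""
    issuer: str        # key that signed this certificate
    subject: str       # key receiving the authorisation
    delegate: bool     # may the subject pass the authorisation on? (yes/no only)
    tag: str           # the authorisation, e.g. "DownloadPermission"
    not_before: int    # validity window (constructed integer timestamps)
    not_after: int

def authorised(signer, tag, chain, trusted_root, revoked, now):
    """Return True if `chain` links trusted_root to `signer` for `tag`.

    `chain` is ordered from the root outwards. Only trusted_root and the
    local `revoked` set are local configuration; the intermediate keys and
    the jar signer do not have to be known in advance.
    """
    holder, may_delegate = trusted_root, True
    for cert in chain:
        if cert.issuer != holder or not may_delegate:
            return False   # broken link, or the issuer was not allowed to delegate
        if cert.tag != tag:
            return False   # simplified: real SPKI intersects tags
        if not (cert.not_before <= now <= cert.not_after):
            return False   # expired or not yet valid
        if cert.subject in revoked:
            return False   # locally revoked: everything downstream is cut off
        holder, may_delegate = cert.subject, cert.delegate
    return holder == signer

# Constructed sample: root -> secondary delegation key -> friend -> friend's friend
CHAIN = [
    Cert("ME-ROOT", "ME-DELEGATION", True, "DownloadPermission", 0, 1000),
    Cert("ME-DELEGATION", "FRIEND", True, "DownloadPermission", 0, 1000),
    Cert("FRIEND", "FRIENDS-FRIEND", False, "DownloadPermission", 0, 7),  # short expiry
]

if __name__ == "__main__":
    args = ("FRIENDS-FRIEND", "DownloadPermission", CHAIN, "ME-ROOT")
    print("before revocation:", authorised(*args, revoked=set(), now=5))
    print("after revoking the secondary key:",
          authorised(*args, revoked={"ME-DELEGATION"}, now=5))
```
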

