radical suggestion for fc4 release

Jeff Johnson n3npq at nc.rr.com
Fri Feb 4 14:16:04 UTC 2005

Nils Philippsen wrote:

>On Thu, 2005-02-03 at 12:39 -0500, Jeff Johnson wrote:
>Just musing ;-): Individual signatures on each header component, along
>with a signed list of components that should be present. That way, if

Smells too much like DNSSec to me.

Ever tried to babysit a DNSSEC config? PITA ...

>something goes corrupt, you can find out what is broken ("URL not ok")
>unless the list gets damaged and a list should be a smaller target to be
>hit by random disaster than a complete header blob. This of course
>doesn't bring any more security where malice is involved, but I can as
>easily corrupt a complete header blob as I can the list or other single
>components, so nothing lost here.

Hint: encrypted/signed files and certificate management are far more 
interesting problems.

So is exploding header meatadata into LDAP or WebDAV attributes.

73 de Jeff

More information about the fedora-devel-list mailing list