radical suggestion for fc4 release
Jeff Johnson
n3npq at nc.rr.com
Fri Feb 4 14:16:04 UTC 2005
Nils Philippsen wrote:
>On Thu, 2005-02-03 at 12:39 -0500, Jeff Johnson wrote:
>
>
>
>Just musing ;-): Individual signatures on each header component, along
>with a signed list of components that should be present. That way, if
>
Smells too much like DNSSec to me.
Ever tried to babysit a DNSSEC config? PITA ...
>something goes corrupt, you can find out what is broken ("URL not ok")
>unless the list gets damaged and a list should be a smaller target to be
>hit by random disaster than a complete header blob. This of course
>doesn't bring any more security where malice is involved, but I can as
>easily corrupt a complete header blob as I can the list or other single
>components, so nothing lost here.
>
>
Hint: encrypted/signed files and certificate management are far more
interesting problems.
So is exploding header meatadata into LDAP or WebDAV attributes.
73 de Jeff
More information about the fedora-devel-list
mailing list