On Tue, 26 Oct 2004 07:56:37 +0200, Stefan Bodewig <[EMAIL PROTECTED]> wrote:
> This is in addition to Conor's remarks.
>
> On Fri, 22 Oct 2004, Steve Loughran <[EMAIL PROTECTED]> wrote:
>
> > The only way to secure it is one of
> >
> > 1. checksums to live on an http server you trust
> > 2. things to be signed by a CA you trust.
>
> things PGP signed by somebody you trust (or can build a chain of trust
> to). bouncycastle.org has Java APIs to PGP IIRC.
>
> > Also, can/should we declare ourselves a CA and sign all our ant
> > jars.
>
> I think we already have an ASF CA we used to create the certificate for
> https access to the Subversion repo. I may be wrong, though.
>
> Setting up a "real" CA is under active consideration, we even already
> have some infrastructure pieces for it in Ben Laurie's bunker. We
> could create certificates for signing the jars with them.

In smartfrog you create your own CA just to sign all your jars, and sign and encrypt all (RMI) communications. To actually install the runtime you need to copy in the list of trusted CAs, and every node needs a copy of the (private) key used for inter-node communications.

I will talk to the security person when I get a chance to find out more about JAR signing.

>
> Personally I'm happy with PGP. A CA in the end has similar trust
> issues as a PGP key. Why should I trust the CA more than Antoine's or
> Magesh's PGP key?

You can't. We have our own CA at work for signing mail and sites, incidentally. You need to add it to all your browsers to do things like find out why travel expenses haven't been paid.

What we can do with a CA is work with normal jar signing; we could sign all the jar files we stick up on the repository with the ant key and so verify on download.

> We certainly need a better web of trust. As many committers (or users
> for that matter) as possible should create PGP keys and use every
> opportunity to cross sign the keys of people they meet.
>

Agreed. I guess I should do one. Is there somewhere where we keep the keys?
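The "sign the jars and verify on download" idea from the message above, as an added example that is not part of the original thread or of any project's code. It assumes a trust store file holding only the CA certificate you chose to trust; the class name and the three command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.KeyStore;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXParameters;
import java.util.Collections;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class VerifyDownloadedJar {
    // Signature bookkeeping files directly under META-INF/ are not themselves signed.
    static boolean isSignatureFile(String name) {
        String n = name.toUpperCase(java.util.Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) != -1) return false;
        return n.endsWith("/MANIFEST.MF") || n.endsWith(".SF")
            || n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC");
    }

    // Usage (hypothetical inputs): java VerifyDownloadedJar.java <jar> <truststore> <password>
    public static void main(String[] args) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            trust.load(in, args[2].toCharArray());
        }
        PKIXParameters params = new PKIXParameters(trust); // trusted certs become trust anchors
        params.setRevocationEnabled(false); // assumption: the CA publishes no CRL/OCSP
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(args[0], true)) { // true = check digests while reading
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || isSignatureFile(e.getName())) continue;
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { } // tampered content throws SecurityException
                }
                CodeSigner[] signers = e.getCodeSigners(); // only valid after a full read
                if (signers == null) throw new SecurityException("unsigned entry: " + e.getName());
                boolean trusted = false;
                for (CodeSigner s : signers) {
                    try {
                        validator.validate(s.getSignerCertPath(), params);
                        trusted = true;
                    } catch (CertPathValidatorException untrusted) { /* try the next signer */ }
                }
                if (!trusted) throw new SecurityException("no trusted signer: " + e.getName());
            }
        }
        System.out.println("all entries signed by a trusted key: " + args[0]);
    }
}
```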