[Pythonmac-SIG] Package Manager idea, adding a URL scheme
Jack Jansen
Jack.Jansen at cwi.nl
Fri Oct 3 11:03:13 EDT 2003
On Friday, October 3, 2003, at 01:13 PM, Bob Ippolito wrote:
>> Sorry, I wasn't clear enough. There is no such thing as a central list
>> of trusted packages. Your database would have an IntegrityCheck of
>> <https://undefined.org/pimp/integrity/%s.html>. The integrity check
>> succeeding would only mean that the database the user has on-disk is
>> indeed the exact same database as what you created, and by trusting the
>> database the end-user trusts you (or, actually, as you pointed out
>> elsewhere, the end user trusts you and your webhoster).
>
> I don't understand how this could possibly be useful for a database
> that changes often. You need a public key algorithm, not a hashing
> algorithm.

The whole point of the exercise with md5 sums and using your browser for
secure http access is to work around the fact that we have no public key
algorithm in Python... If you know of one that has a license that is
Python-compatible *and* you can convince Guido to incorporate it into
Python 2.4: great! I'd gladly use it in PackMan.

> So let's put a public key algorithm into Python and do it the right
> way. md5 is not going to do what you want it to do. md5 can only
> verify that a file is very probably exactly the same as what it was
> when the hash was created, it doesn't tell you it was created by a
> trusted source.

On its own, no. But combined with another algorithm that allows a trusted
source to advertise (in a secure way) the md5sums of all relevant
documents s/he ever created it does. If you really want I could write it
down in Needham-Burrows-Abadi formalism (or whatever the people involved
were again).

Or, to elaborate on the steps again (taking you as an example):

1. You change your pimp database.
2. You take the md5sum of it, let's say it's 12345 (but with many more
   digits:-)
3. You create a secure document https://undefined.org/pimp/integrity.html
   saying "I, Bob Ippolito, created this packman database. Use at your
   own risk".
4. You don't ever delete this file, even when updating the database.
5. You now upload the database to
   <http://undefined.org/pimp/pimp-macosx-whatever.plist>.
6. My mum downloads your database through packman, and presses the
   "integrity check" button.
7. She is presented with a dialog

   You can now use your internet browser to test that this database was
   actually created by %s. Check that the padlock is closed (if it is
   open there is a very good chance that this is a forged database). If
   you get a message about an untrusted certificate this is also a sign
   of a forgery. Finally check that the URL starts with https: and points
   to the website of %s.

   Note that all these checks only mean that this database has not been
   tampered with since it was created. Whether you trust %s remains
   wholly up to you.

--
Jack Jansen, <Jack.Jansen at cwi.nl>, http://www.cwi.nl/~jack
If I can't dance I don't want to be part of your revolution -- Emma Goldman
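The publish-and-verify procedure laid out in the steps above, as an added Python example that is not part of the thread or of PackMan's own code. The publisher side hashes each database and appends the hash to an integrity document that is never pruned (steps 2 to 4); the client side re-hashes the downloaded database and accepts it only if that hash appears in a document fetched from an https: URL on the publisher's own host (the checks the dialog in step 7 asks the user to make). The browser's padlock and certificate checks are not reproduced: the integrity document is handed in as a string so the example runs offline. The host name, URLs and plist contents are constructed for the example; md5 is used because the thread uses it, and the same code takes 'sha256' through the algorithm parameter.

```python
"""Database integrity via a hash list served over HTTPS (added example,
not PackMan code). Host names, URLs and plist contents are constructed."""
import hashlib
from urllib.parse import urlsplit

# Constructed sample data: two successive versions of a pimp database.
DB_V1 = b'<plist version="1.0"><dict><key>Version</key><string>1</string></dict></plist>\n'
DB_V2 = b'<plist version="1.0"><dict><key>Version</key><string>2</string></dict></plist>\n'

# Where the publisher (Bob, in the thread) serves the document and which
# host the client must see in the browser's address bar. Constructed values.
PUBLISHER_HOST = "undefined.org"
INTEGRITY_URL = "https://undefined.org/pimp/integrity.html"


def database_digest(data: bytes, algorithm: str = "md5") -> str:
    """Step 2: hex digest of the database bytes. md5 as in the thread;
    pass algorithm='sha256' for a collision-resistant hash."""
    return hashlib.new(algorithm, data).hexdigest()


def publish(integrity_doc: str, data: bytes, author: str,
            algorithm: str = "md5") -> str:
    """Steps 3 and 4: append one line per published database and never
    remove old lines, so every database version ever shipped still verifies."""
    digest = database_digest(data, algorithm)
    line = (f"{algorithm}:{digest} I, {author}, created this packman "
            f"database. Use at your own risk.\n")
    return integrity_doc + line


def published_digests(integrity_doc: str) -> set:
    """Parse the integrity document into a set of (algorithm, hexdigest)."""
    found = set()
    for line in integrity_doc.splitlines():
        head = line.split(" ", 1)[0]
        if ":" in head:
            algorithm, digest = head.split(":", 1)
            found.add((algorithm, digest.lower()))
    return found


def verify_database(data: bytes, integrity_doc: str, integrity_url: str,
                    publisher_host: str, algorithm: str = "md5") -> tuple:
    """Step 7: the checks the dialog asks the user to make, then the hash
    comparison. The browser's padlock/certificate check is assumed to have
    passed; this function only sees the URL and the document text."""
    parts = urlsplit(integrity_url)
    if parts.scheme != "https":
        return False, "integrity document was not fetched over https:"
    if parts.hostname != publisher_host:
        return False, f"integrity document host {parts.hostname!r} is not {publisher_host!r}"
    digest = database_digest(data, algorithm)
    if (algorithm, digest) not in published_digests(integrity_doc):
        return False, "database hash is not listed in the integrity document"
    return True, f"database matches a hash published at {publisher_host}"


if __name__ == "__main__":
    doc = publish("", DB_V1, "Bob Ippolito")
    doc = publish(doc, DB_V2, "Bob Ippolito")          # the v1 line is kept
    for label, db in (("v1", DB_V1), ("v2", DB_V2), ("v2 modified", DB_V2 + b" ")):
        print(label, verify_database(db, doc, INTEGRITY_URL, PUBLISHER_HOST))
    print("plain http", verify_database(DB_V2, doc,
          "http://undefined.org/pimp/integrity.html", PUBLISHER_HOST))
```

As Jack's own caveat says, passing these checks only shows that the database matches something the owner of the https: host published; whether that owner (and their web host) is trusted is a separate decision.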