[Pythonmac-SIG] Package Manager idea, adding a URL scheme

Jack Jansen Jack.Jansen at cwi.nl
Fri Oct 3 11:03:13 EDT 2003


On Friday, October 3, 2003, at 01:13 PM, Bob Ippolito wrote:
>> Sorry, I wasn't clear enough. There is no such thing as a central
>> list of trusted packages.
>> Your database would have an IntegrityCheck of
>> <https://undefined.org/pimp/integrity/%s.html>.
>> The integrity check succeeding would only mean that the database the
>> user has on-disk is indeed the exact same database as what you created,
>> and by trusting the database the end-user trusts you (or, actually, as
>> you pointed out elsewhere, the end user trusts you and your webhoster).
>
> I don't understand how this could possibly be useful for a database 
> that changes often.  You need a public key algorithm, not a hashing 
> algorithm.

The whole point of the exercise with md5 sums and using your browser
for secure http access is to work around the fact that we have no
public key algorithm in Python...

If you know of one that has a license that is Python-compatible *and*
you can convince Guido to incorporate it into Python 2.4: great! I'd
gladly use it in PackMan.

> So let's put a public key algorithm into Python and do it the right 
> way.  md5 is not going to do what you want it to do.  md5 can only 
> verify that a file is very probably exactly the same as what it was 
> when the hash was created, it doesn't tell you it was created by a 
> trusted source.

On its own, no. But combined with another algorithm that allows a
trusted source to advertise (in a secure way) the md5sums of all
relevant documents s/he ever created it does. If you really want I
could write it down in Needham-Burrows-Abadi formalism (or whatever
the people involved were again).

Or, to elaborate on the steps again (taking you as an example):

1. You change your pimp database.
2. You take the md5sum of it, let's say it's 12345 (but with many more
   digits:-)
3. You create a secure document
   https://undefined.org/pimp/integrity.html
   saying "I, Bob Ippolito, created this packman database. Use at your
   own risk".
4. You don't ever delete this file, even when updating the database.
5. You now upload the database to
   <http://undefined.org/pimp/pimp-macosx-whatever.plist>.
6. My mum downloads your database through packman, and presses the
   "integrity check" button.
7. She is presented with a dialog
	You can now use your internet browser to test that this database was
	actually created by %s. Check that the padlock is closed (if it is
	open there is a very good chance that this is a forged database). If
	you get a message about an untrusted certificate this is also a sign
	of a forgery. Finally check that the URL starts with https: and points
	to the website of %s.

	Note that all these checks only mean that this database has not been
	tampered with since it was created. Whether you trust %s remains wholly
	up to you.

--
Jack Jansen, <Jack.Jansen at cwi.nl>, http://www.cwi.nl/~jack
If I can't dance I don't want to be part of your revolution -- Emma Goldman
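The numbered steps above, as an added Python example (not code from the post or from PackMan): publisher and user sides are modelled in one file, with a plain dict standing in for the publisher's HTTPS site and constructed database bytes; the URL template and the trust statement are the ones from the thread. It also shows the consequence of step 4: because old integrity documents are never removed, a superseded database still passes the check.

```python
import hashlib

# Added example modelling the thread's scheme. The URL template and the trust
# statement come from the post; the publisher's HTTPS web space is stood in for
# by a plain dict, and the database bytes below are constructed samples.
INTEGRITY_URL = "https://undefined.org/pimp/integrity/%s.html"
PUBLISHER = "Bob Ippolito"

def md5_hex(data: bytes) -> str:
    """Step 2: the md5sum of the database bytes, as hex digits."""
    return hashlib.md5(data).hexdigest()

def publish(site: dict, database: bytes) -> str:
    """Steps 3-4: put the trust statement at the URL that carries the md5sum.
    Nothing is ever removed from `site`, exactly as step 4 requires."""
    url = INTEGRITY_URL % md5_hex(database)
    site[url] = "I, %s, created this packman database. Use at your own risk." % PUBLISHER
    return url

def integrity_check(database: bytes, fetch_https) -> tuple:
    """Steps 6-7: the user side. `fetch_https(url)` models the browser fetching
    the page over TLS (closed padlock, trusted certificate, correct host) and
    returns the page text, or None if no such document exists."""
    url = INTEGRITY_URL % md5_hex(database)
    doc = fetch_https(url)
    if doc is None:
        return (False, "no integrity document for this md5sum: modified or forged")
    return (True, doc)

def demo() -> dict:
    site = {}  # the publisher's HTTPS site, as seen by the browser
    v1 = b"<plist><dict><key>pimp_version</key><integer>1</integer></dict></plist>"
    v2 = b"<plist><dict><key>pimp_version</key><integer>2</integer></dict></plist>"
    publish(site, v1)
    publish(site, v2)
    fetch = site.get  # an authenticated, tamper-proof channel is assumed here
    tampered = v2.replace(b"<integer>2</integer>", b"<integer>3</integer>")
    return {
        "current": integrity_check(v2, fetch)[0],          # genuine, latest database
        "tampered": integrity_check(tampered, fetch)[0],   # no document: rejected
        # Step 4 keeps every old document online, so a superseded database
        # still passes: the check proves origin and integrity, not freshness.
        "superseded": integrity_check(v1, fetch)[0],
    }
```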
