Nils Philippsen wrote:
On Thu, 2005-02-03 at 12:39 -0500, Jeff Johnson wrote:
Just musing ;-): Individual signatures on each header component, along with a signed list of components that should be present. That way, if
Smells too much like DNSSec to me.
Ever tried to babysit a DNSSEC config? PITA ...
something goes corrupt, you can find out what is broken ("URL not ok")
unless the list gets damaged and a list should be a smaller target to be
hit by random disaster than a complete header blob. This of course
doesn't bring any more security where malice is involved, but I can as
easily corrupt a complete header blob as I can the list or other single
components, so nothing lost here.
Hint: encrypted/signed files and certificate management are far more interesting problems.
So is exploding header metadata into LDAP or WebDAV attributes.
73 de Jeff
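
The scheme mused about in the quoted text (a signature per header component plus a signed list of the components that should be present) can be sketched as follows. This is an added example, not code from the thread or from RPM; the tag names and values are constructed, and HMAC-SHA256 with a demo key is an assumption standing in for a real public-key signature.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: stand-in for a real signing key


def sign(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def seal(header: dict) -> dict:
    """Sign each component, then sign the sorted list of component names."""
    sigs = {tag: sign(tag.encode() + b"\0" + val) for tag, val in header.items()}
    manifest = json.dumps(sorted(header)).encode()
    return {"components": dict(header), "sigs": sigs,
            "manifest": manifest, "manifest_sig": sign(manifest)}


def diagnose(pkg: dict) -> dict:
    """Return {tag: status} for every component that fails verification."""
    # The list is the single point of failure: if it is damaged, we can no
    # longer say which components are supposed to be present.
    if not hmac.compare_digest(sign(pkg["manifest"]), pkg["manifest_sig"]):
        return {"<manifest>": "list damaged"}
    expected = json.loads(pkg["manifest"])
    problems = {}
    for tag in expected:
        if tag not in pkg["components"]:
            problems[tag] = "missing"
            continue
        good = sign(tag.encode() + b"\0" + pkg["components"][tag])
        if not hmac.compare_digest(good, pkg["sigs"].get(tag, "")):
            problems[tag] = "not ok"
    for tag in pkg["components"]:
        if tag not in expected:
            problems[tag] = "unexpected"
    return problems


if __name__ == "__main__":
    # Constructed sample header, not taken from a real package.
    pkg = seal({"NAME": b"foo", "VERSION": b"1.0",
                "URL": b"http://example.invalid/foo"})
    pkg["components"]["URL"] = b"http://example.invalid/fo0"  # simulate bit rot
    print(diagnose(pkg))
```
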