PSARC/2008/190 - Preinception IPS
Darren J Moffat
Darren.Moffat at sun.com
Fri Aug 1 02:00:14 PDT 2008
Bart Smaalders wrote:
> Stephen Hahn wrote:
>
>> I am having difficulty formulating a use case where nested or multiply
>> signed packages are needed, and in which the consumer makes different
>> decisions when distinct subsets of the signing entities cannot be
>> independently verified. Maybe someone has an example?
>
> Multiply signed packages are useful, as others have pointed out, to
> permit systems to require multiple signatures, or permit alternate
> signatures.
>
> The easiest way to do this is to omit all signatures from the
> hash; adding a new signature would then not invalidate previous ones.
Which is exactly how elfsign works (even though we do not currently use
the multiple signature capability).
--
Darren J Moffat
More information about the opensolaris-arc
mailing list