Re: SigningTable (was: SigingTable)

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Sun, 21 Feb 2010 23:54:38 -0800 (PST)

On Sun, 21 Feb 2010, SM wrote:
> It makes sense in terms of KEY and VALUE. It is more work to manually
> edit the two files.

When dealing with flat files or small numbers of keys, that's true. But
in other database forms, it does make more sense to do this "join"
operation where many signing rules and/or keys may coexist.

> There can be typos which cause a mismatch between SigningTable and
> KeyTable entries. I guess that users could write a script to generate
> the two files.

We could also include a tool that confirms a few things:

1) walks the SigningTable and ensures that every entry references a
current KeyTable entry

2) verifies that every KeyTable entry contains or refers to valid key
data

3) verifies that there are no KeyTable entries with the same domain and
selector but different key data

Received on Mon Feb 22 2010 - 07:54:57 PST
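
The three checks listed in the message above, as an added example that is not part of the original post or of the project's own code. The flat-file layouts shown in the comments, the `read_key` callback, and the shallow PEM framing test standing in for "valid key data" are assumptions made for illustration.

```python
import re

# Assumed flat-file layout (not stated in the message):
#   SigningTable:  <pattern> <keyname>
#   KeyTable:      <keyname> <domain>:<selector>:<path to key>
PEM_RE = re.compile(r"-----BEGIN (?:RSA )?PRIVATE KEY-----.+?-----END (?:RSA )?PRIVATE KEY-----", re.S)

def parse_table(text):
    """Yield (line number, first field, rest) for non-blank, non-comment lines."""
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split(None, 1)
        if fields:
            yield n, fields[0], fields[1].strip() if len(fields) > 1 else ""

def check_tables(signing_text, key_text, read_key):
    """Return a list of problems; read_key(path) returns key text or None."""
    problems, names, seen = [], set(), {}
    for n, name, value in parse_table(key_text):
        parts = value.split(":", 2)
        if len(parts) != 3:
            problems.append(f"KeyTable:{n}: malformed entry {name!r}")
            continue
        names.add(name)
        domain, selector, path = parts
        data = read_key(path)
        # Check 2: the entry must refer to key data (shallow PEM framing test only).
        if data is None or not PEM_RE.search(data):
            problems.append(f"KeyTable:{n}: {name!r} has no valid key data at {path!r}")
            continue
        # Check 3: one domain+selector pair must not map to different key data.
        first = seen.setdefault((domain.lower(), selector), (n, data.strip()))
        if first[1] != data.strip():
            problems.append(f"KeyTable:{n}: {domain}/{selector} differs from line {first[0]}")
    # Check 1: every SigningTable entry must name an existing KeyTable entry.
    for n, pattern, name in parse_table(signing_text):
        if name not in names:
            problems.append(f"SigningTable:{n}: {pattern!r} references unknown key {name!r}")
    return problems

def _pem(body):  # constructed placeholder, not a real key
    return f"-----BEGIN RSA PRIVATE KEY-----\n{body}\n-----END RSA PRIVATE KEY-----\n"

# Constructed sample input: a typo ("mial2"), a missing key file, a conflicting duplicate.
SAMPLE_KEYS = {"/keys/a.pem": _pem("AAAA"), "/keys/b.pem": _pem("BBBB")}
SAMPLE_SIGNING = "*@example.com mail1\n*@example.org mial2\n"
SAMPLE_KEYTABLE = ("mail1 example.com:sel1:/keys/a.pem\n"
                   "mail2 example.org:sel1:/keys/missing.pem\n"
                   "dup   example.com:sel1:/keys/b.pem\n")

if __name__ == "__main__":
    for p in check_tables(SAMPLE_SIGNING, SAMPLE_KEYTABLE, SAMPLE_KEYS.get):
        print(p)
```

A real deployment would replace the PEM framing test with an actual key parse and pass a `read_key` that opens the file on disk.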
