Re: [ease-dev] [EASE-dev] Introduction

Hi Varun,

First, just call me Christian; 'sir' is definitely not required :)

The general idea of signing scripts is that e.g. Eclipse may put up some scripts on their web servers which users may consume. As scripts are potentially dangerous - they would have access to the local file system - users want to be sure that remote scripts are safe and untampered. Basically very similar to an HTTPS connection: you rely on some root certificates to be sure that you may trust these scripts. Self-signed certificates might be used, but it will be harder for the user to decide on the trust level of such certificates.

For option 1, this means that we need to retrieve public keys from script authors first and import them before we can verify scripts. This is an option, but it forces the user to manually deal with security stuff.

Option 2 uses the keystore and its root certificates automatically. E.g. scripts signed by eclipse.org would be recognized as safe out of the box. I prefer this one. We then need some UI to ask the user, for unknown certificates, whether he wants to trust them and eventually import them into the keystore.

Option 3 is not needed, as Eclipse can do this automatically during the build. Scripts delivered within a JAR are already on the localhost, so it is easier to make sure these scripts are safe.

Regarding CSRs, I do not think that Eclipse would start signing keys for anybody. So I guess for this project we can rely on certificates that either are already part of your keystore or could be imported into it.

I like that you already play around with the code and give it a try!

cheers
Christian
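As an added illustration of the option 2 flow described in the mail above (not code from the EASE project or from this thread, and written in Go for a self-contained demonstration rather than in Eclipse's Java): a keystore holds one root certificate, a script signed under a certificate that root issued verifies, and the same script under a self-signed certificate the keystore does not know, or with altered bytes, is rejected. The root name "Example Root CA", the sample script, and the choice of Ed25519 are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { if err != nil { panic(err) }; return v } // demo fixture helper
// newCert issues a certificate for key; with parent == nil it is self-signed.
func newCert(cn string, isCA bool, key ed25519.PrivateKey, parent *x509.Certificate, parentKey ed25519.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, key.Public(), parentKey))
	return must(x509.ParseCertificate(der))
}

// VerifyScript is the "option 2" check: author cert must chain to a keystore root, signature must cover the bytes.
func VerifyScript(script, sig []byte, author *x509.Certificate, keystore *x509.CertPool) error {
	opts := x509.VerifyOptions{Roots: keystore, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := author.Verify(opts); err != nil {
		return fmt.Errorf("author certificate not trusted by keystore: %w", err)
	}
	if err := author.CheckSignature(x509.PureEd25519, script, sig); err != nil {
		return fmt.Errorf("script tampered or signature invalid: %w", err)
	}
	return nil
}

// Demo: constructed keystore with one root (stand-in for an eclipse.org root), an author cert it issued, and a self-signed "unknown" cert.
func Demo() (trustedOK, unknownRejected, tamperRejected bool) {
	_, rootKey, _ := ed25519.GenerateKey(rand.Reader)
	_, authorKey, _ := ed25519.GenerateKey(rand.Reader)
	root := newCert("Example Root CA", true, rootKey, nil, nil)
	keystore := x509.NewCertPool()
	keystore.AddCert(root)
	author := newCert("script author", false, authorKey, root, rootKey)
	unknown := newCert("unknown author", false, authorKey, nil, nil) // same key, but nobody in the keystore vouches for it
	script := []byte("print('hello from eclipse.org')")               // constructed sample script
	sig := ed25519.Sign(authorKey, script)                             // detached signature shipped next to it
	return VerifyScript(script, sig, author, keystore) == nil, // trusted chain, intact bytes
		VerifyScript(script, sig, unknown, keystore) != nil, // signature valid, but no trust path
		VerifyScript([]byte("print('modified')"), sig, author, keystore) != nil // altered bytes
}
```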
