Re: [ease-dev] [EASE-dev] Introduction
Hi Varun,

first, just call me Christian, 'sir' is definitely not required :)

The general idea of signing scripts is that e.g. Eclipse may put up some
scripts on their web servers which users may consume. As scripts are
potentially dangerous - they would have access to the local file system -
users want to be sure that remote scripts are safe and untampered.
Basically very similar to an https connection. You rely on some root
certificates to be sure that you may trust these scripts. Self signing
certificates might be used, but it will be harder for the user to decide
on the trust level of such certificates.

For option 1 this means that we need to retrieve public keys from script
authors first and import them before we can verify scripts. This is an
option, but forces the user to manually deal with security stuff.

Option 2 uses the keystore and its root certificates automatically. E.g.
scripts signed by eclipse.org would be recognized as safe out of the
box. I prefer this one. We then need some UI to ask the user for unknown
certificates if he wants to trust them and eventually import them into
the keystore.

Option 3 is not needed, as Eclipse can do this automatically during the
build. Scripts delivered within a jar are already on the localhost, so
it is easier to make sure these scripts are safe.

Regarding CSRs, I do not think that Eclipse would start signing keys for
anybody. So I guess for this project we can rely on certificates that
either are already part of your keystore or could be imported into it.

I like that you already play around with the code and give it a try!

cheers
Christian
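
The option 2 flow described in the message above, as an added Java example that is not part of the original e-mail and is not EASE code. The class name, the three verdicts, the detached `SHA256withRSA` signature file and the PEM chain file (signer certificate first) are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.Signature;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

public class ScriptSignatureCheck { // hypothetical class, not part of EASE
    enum Verdict { TRUSTED, UNKNOWN_SIGNER, TAMPERED }

    // Root certificates of the JRE default trust store become the trust anchors.
    static Set<TrustAnchor> defaultAnchors() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((java.security.KeyStore) null); // null selects the default trust store
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager)
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers())
                    anchors.add(new TrustAnchor(ca, null));
        return anchors;
    }

    static Verdict check(byte[] script, byte[] sig, List<X509Certificate> chain,
                         Set<TrustAnchor> anchors) throws Exception {
        // Step 1, integrity: the signature must match the script bytes exactly.
        Signature v = Signature.getInstance("SHA256withRSA"); // assumed algorithm
        v.initVerify(chain.get(0).getPublicKey());
        v.update(script);
        if (!v.verify(sig)) return Verdict.TAMPERED;
        // Step 2, trust: the signer's chain must lead to a root in the trust store.
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false); // simplification: no CRL/OCSP lookup here
        try {
            CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return Verdict.TRUSTED;
        } catch (CertPathValidatorException e) {
            return Verdict.UNKNOWN_SIGNER; // valid signature, unknown or self-signed certificate
        }
    }

    // Usage: java ScriptSignatureCheck <script> <signature> <chain.pem>
    public static void main(String[] args) throws Exception {
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = Files.newInputStream(Paths.get(args[2]))) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                chain.add((X509Certificate) c);
        }
        System.out.println(check(Files.readAllBytes(Paths.get(args[0])),
            Files.readAllBytes(Paths.get(args[1])), chain, defaultAnchors()));
    }
}
```

`UNKNOWN_SIGNER` is the case where the UI would ask the user whether to trust the certificate and import it; `TAMPERED` should never be offered for import.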