Changes between Version 3 and Version 4 of SecuredRemoteData

Show
Ignore:
Author:
james (IP: 65.172.155.230)
Timestamp:
01/20/11 17:35:55 (7 years ago)
Comment:

add info. about x509 plans.

Legend:

Unmodified
Added
Removed
Modified
  • SecuredRemoteData

    v3 v4  
    3636 
    3737== x509 == 
     38 
     39There is a plan to move from GPG signing of packages to x509 signing of packages. Note that with x509 signing the signature will be external from the package (although we may sign the entire package, or just the headers). There are three main advantages to this: 
     40 
     41 1. The x509 APIs have support for key revocation and expiration, etc. 
     42 
     43 2. Packages can be signed by more than one key, or re-signed, without changing the package. 
     44 
     45 3. Related to both #1 and #2, the x509 APIs will be distinct from the rpm APIs ... so we can get a lot of information about the keys, Eg. import just the needed keys etc.