
On Thu, May 19, 2005 at 12:27:51PM -0400, S. Alexander Jacobson wrote:
> I've read the book. I understand crypto well enough. Perhaps you could answer a simple question:
>
> If I query Hackage for a package URL, what assurance do I have that the URL I receive is actually correct?
>
> Note, I am NOT asking how you authenticate the content retrieved from that URL. I am asking how you know the URL itself is correct?

Because if the URL is not correct, then the content will not authenticate. I am not sure how else to put it since that is what is important, that you get the package you are asking for. Note that this does not require you trust the hackage server at all, all security is end-to-end as it should be. There is no need to trust any link in the chain. Hackage is merely a way to match providers of packages to consumers of them.

So, a better question is, if the content authenticates, does it matter whether the URL was correct? At worst it means someone is clandestinely mirroring your content, which doesn't seem that bad :)

SSL authenticates the server and secures data on the wire against tampering. However, we want to authenticate the _author_ of packages, not the hackage server, and securing data on the wire is a non-issue since all data is gpg signed. The hackage server is not special, the authors are the primaries and the hackage server is just a convenient meeting place and an ad hoc (but not special or mandatory) namespace management center for packages.

There is a place for SSL, and that is if hackage allows any sort of password-based modification of content via web forms. But for the basic functionality of storing and serving packages, it is not needed.

        John

-- 
John Meacham - ⑆repetae.net⑆john⑈
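
The end-to-end check argued for above, as an added example that is not part of the original message or of Hackage: the index may return any URL, and only a signature check against the author's key decides whether the package is accepted. A Lamport one-time hash signature stands in for GPG so the block runs with the standard library alone; the URLs, package bytes and the name `fetch_and_check` are constructed, and the client is assumed to already hold the author's public key from a source other than the index.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair: 256 pairs of random secrets; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def digest_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per bit of the message digest.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, digest_bits(msg))))

# Constructed scenario; every URL and byte string below is made up.
AUTHOR_SK, AUTHOR_PK = keygen()  # assumption: AUTHOR_PK reached the client independently of the index
ATTACKER_SK, _ = keygen()
PACKAGE = b"foo-1.0: module Foo where ..."
TAMPERED = PACKAGE + b" -- backdoor"
SIG = sign(AUTHOR_SK, PACKAGE)

HOSTS = {  # url -> (content, detached signature)
    "http://author.example/foo-1.0.tar.gz": (PACKAGE, SIG),
    "http://mirror.example/foo-1.0.tar.gz": (PACKAGE, SIG),  # unannounced mirror
    "http://evil.example/a/foo-1.0.tar.gz": (TAMPERED, SIG),  # altered content, author's old signature
    "http://evil.example/b/foo-1.0.tar.gz": (TAMPERED, sign(ATTACKER_SK, TAMPERED)),  # re-signed, wrong key
}

def fetch_and_check(url_from_index, author_pk=AUTHOR_PK):
    # The index is untrusted: whatever URL it hands back, only the signature decides.
    content, sig = HOSTS[url_from_index]
    if not verify(author_pk, content, sig):
        raise ValueError("does not authenticate against the author's key: " + url_from_index)
    return content

if __name__ == "__main__":
    for url in HOSTS:
        try:
            fetch_and_check(url)
            print("accepted", url)
        except ValueError as e:
            print("rejected", e)
```

The mirror URL is accepted because its bytes carry the author's signature, while both altered copies are rejected whichever key signed them.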