[Webfunds-commits] java/webfunds TODO_SCW

• Previous message: [Webfunds-commits] lib cryptix-jce-api.jar cryptix-jce-compat.jar cryptix-jce-provider.jar cryptix-jce-tests.jar
• Next message: [Webfunds-commits] java/webfunds/client/contracts/wizard KeyContract.java KeyPanel.java KeyServer.java KeyTop.java
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

iang        00/08/26 09:55:09

  Modified:    webfunds TODO_SCW
  Log:
  Ouch - SCW permits rogue sigs on keys which Contract.verify rejects, but
  no easy way to get rid of them.  Need to strip unknown sigs.  Priority!

Revision  Changes    Path
1.9       +3 -0      java/webfunds/TODO_SCW

Index: TODO_SCW
===================================================================
RCS file: /home/webfunds/cvsroot/java/webfunds/TODO_SCW,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- TODO_SCW	2000/08/23 17:41:26	1.8
+++ TODO_SCW	2000/08/26 13:55:09	1.9
@@ -26,6 +26,9 @@
         * top level [cert] signs [contract] signing key (and itself)
         * contract signing key signs itself (and the contract, I.d below)
         * server key only signs itself
+        + additional sigs that may be on the key must be stripped from
+          the key at this point (there is no other convenient way to do
+          this!)
         * keys have userIdTag strings: { "[contract]"  "[cert]"  "[operator]"  }
 
           tags are documented in

• Previous message: [Webfunds-commits] lib cryptix-jce-api.jar cryptix-jce-compat.jar cryptix-jce-provider.jar cryptix-jce-tests.jar
• Next message: [Webfunds-commits] java/webfunds/client/contracts/wizard KeyContract.java KeyPanel.java KeyServer.java KeyTop.java
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]