[Webfunds-devel] OpenPGP signed Contracts

• Previous message: [Webfunds-devel] Another flaw in issued contracts.
• Next message: [Webfunds-devel] OpenPGP signed Contracts
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Edwin Woudt wrote:
> 
> After some private discussion, let's continue this on the mailing list.
> 
> The idea is to change the X509 signatures on contracts into OpenPGP
> sigs. We won't touch the X509 stuff in SOX for now.
> 
> I've created the OPENPGP branch in the webfunds CVS repository, to
> prevent interference with the other work. When everything is done and
> tested the changes can be merged back to the main branch.
> 
> As far as I can see now, the following code needs hacking:
> * webfunds/ricardian/Contract.java
>   - this is where all the magic happens
> * webfunds/client/contracts/SignContractWizard.java
>   - this class should not be dealing with X509 stuff at all, so the
>     signature generation code will move to Contract.java

I don't agree here. A Contract object represents a valid (hence signed) 
contract. Subclasses of Contract should specialize based on contract 
type (CurrencyContract, FooContract). Contract itself should be 
immutable and able to restore itself to whatever format it came from.
What you need is a factory that does something along the lines of:

 ContractInfo + PrivateKey | ContractSigner/Factory -> FooContract

Also I think the key handling should be split. One section that tells
you which keys (by Key Id) are used for which purpose and one section
that contains zero or more actual key blobs. This would allow future
contracts to depend on an external key infrastructure.

Cheers,
Jeroen

• Previous message: [Webfunds-devel] Another flaw in issued contracts.
• Next message: [Webfunds-devel] OpenPGP signed Contracts
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]