Security

John Arbash Meinel john at arbash-meinel.com
Thu Nov 5 14:21:06 GMT 2009



Adrian Wilkins wrote:
>> It's not possible to
>> verify a single revision and the verification is slow especially on large
>> repositories.
> 
> Does Bazaar not have a similar property to git in that the testament
> hashes are based not just on the content of their revision but also on
> the hash of the previous revision?
> 
> In this case you can be assured that verifying a single signed revision
> is equivalent to verifying the entire lineage of that revision. So I
> guess the question is ; do testaments include the hashes of their parent
> revisions, or does the signing plugin just not grok this underlying
> property (if it's present)?
> 
> 

Short answer: no

It does mention the revision-ids, but it does not reference their
testament hashes. We discussed it at the time, but it is fundamentally
in conflict with the idea of supporting 'ghosts'. Also, there are other
various factors at play. Any sort of sha hash is going to be explicitly
dependent on the serialization format. So we created an independent
format (the testament), so that as we change how we logically structure
inventories, or if we change the bytes representation of any object, we
can still have valid signatures.

The cost for this is that you have to generate a second representation
of your data in order to create and validate the signatures. The benefit
is that revisions from pre 1.0 formats are still valid in post 2.0 formats.

git has (afaik) never changed its basic byte format (for content nor for
the tree shape). However, imagine if there was enough pressure that they
decided that they really didn't like storing the full mode bits just to
represent 'executable' or not. Suddenly without actual logical content
change, all of the bytes-on-disk change, and all of your signed
revisions are useless. (Unless you write the code to translate to the
old format on-the-fly and use that to verify the hash.)

John
=:->



