May 12, 2010
Long conversation tonight w/ a friend about how to verifiably/cryptographically trust the data from a network-based database or service.
It seems that if you take data you could cryptographically sign, and therefore trust, and move it into a service on the network, you can no longer trust the data itself. You can trust the server the service is running on, but not the service or the data itself.
This is essentially the “how do we do depsolving w/o having everyone download a copy of the repodata” problem.
Or put another way: our package repos are growing w/o bound and the metadata per package is also growing. Since we cannot ask everyone to download a massive copy of the repodata as it increases in size, how can we get the same results, results we can trust, from a service or an app?
I think the answer is essentially, we cannot.
At best we can trust the SERVER the service is running on by trusting an SSL cert – but we cannot verify the data we get back is valid.
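The contrast above, as an added example that is not part of the original post: a client that depsolves locally from digest-checked repodata rejects a tampered copy, while a client that asks a service has nothing to check the answer against. The package names, `TRUSTED_DIGEST` (standing in for a digest read from an already signature-verified manifest) and the `service_depsolve` function are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample repodata: package name -> list of direct requirements.
REPODATA = json.dumps(
    {"app": ["libfoo"], "libfoo": ["libc"], "libc": []}, sort_keys=True).encode()

# Assumption: this digest came from a manifest whose signature the client
# already verified against the repo's signing key, which is kept offline.
TRUSTED_DIGEST = hashlib.sha256(REPODATA).hexdigest()

def load_verified_repodata(blob, trusted_digest):
    """Parse repodata only if it matches the digest from the signed manifest."""
    actual = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(actual, trusted_digest):
        raise ValueError("repodata digest mismatch")
    return json.loads(blob)

def depsolve(repo, pkg):
    """Local depsolve: transitive closure of pkg's requirements."""
    needed, stack = set(), [pkg]
    while stack:
        name = stack.pop()
        if name not in needed:
            needed.add(name)
            stack.extend(repo[name])
    return sorted(needed)

def service_depsolve(pkg, compromised=False):
    """Hypothetical remote depsolve service. The answer is computed per query,
    so no signature made ahead of time by the repo signer can cover it."""
    answer = depsolve(json.loads(REPODATA), pkg)
    if compromised:
        answer.append("backdoor-pkg")  # constructed name for an injected package
    return sorted(answer)

def client_via_repodata(blob, pkg):
    return depsolve(load_verified_repodata(blob, TRUSTED_DIGEST), pkg)

def client_via_service(pkg, compromised=False):
    # An SSL cert authenticates the host the answer came from; nothing here
    # ties the answer itself to the repo signer, so the client just accepts it.
    return service_depsolve(pkg, compromised)
```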