hard problem

May 12, 2010

Long conversation tonight with a friend about how to verifiably/cryptographically trust the data from a network-based database or service.

It seems that if you take data you could cryptographically sign for trust and move it into a service on the network, you can no longer trust the data itself. You can trust the server the service is running on, but not the service or the data itself.

This is essentially the “how do we do depsolving without having everyone download a copy of the repodata” problem.

Or, put another way: our package repos are growing without bound and the metadata per package is also growing. Since we cannot ask everyone to download a massive copy of the repodata as it increases in size, how can we get the same results, results we can trust, from a service or an app?

I think the answer is essentially, we cannot.

At best we can trust the SERVER the service is running on by trusting an SSL cert – but we cannot verify the data we get back is valid.

3 Responses to “hard problem”

  1. red Says:

    Being a noob I certainly miss something here, but what about simply signing the repodata? I thought Debian does that too.

    We trust the signed packages so why not trust the signed repodata. Of course this will be hard if you plan to generate only the necessary bit of repodata on-the-fly 🙂

    Or could delta-repodata help to solve the size problem? Like full repodata only at release time (which is on the cd/dvd) and then daily delta/incremental repodata?

  2. skvidal Says:

    We can already sign the metadata. That still means you have to download a complete copy of it to verify the signature.

  3. Bill Says:

    Tree of metadata with hashes. Like trees in git. Just have to decide on the granularity of the chunks. Obviously your nightmare scenario is going back to downloading all the rpm headers from the repo like what used to happen many years ago.
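
The hash-tree idea from the third comment, sketched as an added example (not code from the post, its commenters, or yum): the client holds only a root hash, assumed here to arrive in a small signed file, and checks a single package record against it without downloading the rest of the repodata. The record format and all function names are made up for illustration.

```python
import hashlib

def leaf_hash(record: bytes) -> bytes:
    # Prefix bytes keep leaf and interior hashes in separate domains,
    # so a record can never be passed off as an interior node.
    return hashlib.sha256(b"\x00" + record).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(records):
    """Server side: every level of the tree, leaves first, root last."""
    levels = [[leaf_hash(r) for r in records]]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            # An unpaired last node is promoted unchanged.
            nxt.append(node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i])
        levels.append(nxt)
    return levels

def make_proof(levels, index):
    """Server side: sibling hashes needed to rebuild the root for one record."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return proof

def verify(record, proof, trusted_root):
    """Client side: recompute the root from one record and its proof."""
    acc = leaf_hash(record)
    for side, sibling in proof:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return acc == trusted_root

# Constructed sample records (hypothetical format), one per package.
RECORDS = [
    b"bash-4.1.2 requires=glibc,ncurses",
    b"glibc-2.12 requires=",
    b"ncurses-5.7 requires=glibc",
    b"rpm-4.8.0 requires=glibc,nss",
    b"yum-3.2.27 requires=rpm,python",
]
LEVELS = build_levels(RECORDS)
ROOT = LEVELS[-1][0]  # assumed to reach the client in a small signed file
```

A proof like this shows that a record belongs to the signed set; it does not show that the service returned every record matching a query, which a depsolver also relies on.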

