Apps/WebApplicationReceipt/GenerationService: Difference between revisions

* [mcoates - 2012-03-28] review Bug needed - review implementation to ensure daily private keys are correctly destroyed
* [mcoates - 2012-03-28] Threat #2 - More discussion is needed here to understand this requested control "Infrasec will correlate the signing activity log with actual requests from the Marketplace."
* [clouserw - 2012-03-29] Am I correct in my understanding that the HSM is used to generate a key once a day which lives on a .well-known distribution point? From there the receipt signing nodes pick up on the new key and sign receipts with it? So the HSMs aren't actually being used to sign the receipts, just to hold the private key securely?
* [clouserw - 2012-03-29] In order to use the /.well-known/ prefix we'd technically have to register it with the standards folks (after debate).  Obviously we can do what we want, but we'd be out of spec at that point.
* [clouserw - 2012-03-29] The receipt reissuance moves the authority of a valid receipt from the original certificates to the AMO database.  I don't know a way around that, but it's worth noting.
* [clouserw - 2012-03-29] The receipt validation and reissuance checks are complicated.  We should definitely provide server side code examples for developers trying to implement that.
* [clouserw - 2012-03-29] I haven't seen plans for a way to query for receipts by User ID.  I'm happy to skip that until it's shown we need it.
* [clouserw - 2012-03-29] In Appendix B you ask if the public keys and the revoked keys should be in the same file, but in "Software Components" you say that the public keys are on an intranet-only URL.  In "System Overview" you mention that the developer's servers can retrieve the list of revoked keys but they won't have access to an intranet-only URL.


== Action Items ==