Jstevensen (talk | contribs)
| Line 136: | Line 136: | ||
* [clouserw - 2012-03-29] In Appendix B you ask if the public keys and the revoked keys should be in the same file, but in "Software Components" you say that the public keys are on an intranet-only URL. In "System Overview" you mention that the developer's servers can retrieve the list of revoked keys but they won't have access to an intranet-only URL. | * [clouserw - 2012-03-29] In Appendix B you ask if the public keys and the revoked keys should be in the same file, but in "Software Components" you say that the public keys are on an intranet-only URL. In "System Overview" you mention that the developer's servers can retrieve the list of revoked keys but they won't have access to an intranet-only URL. | ||
** [mhanson 2012-03-29] the private keys are intranet only - the public keys are "delivered carefully to the advertising point" - e.g. the public website | ** [mhanson 2012-03-29] the private keys are intranet only - the public keys are "delivered carefully to the advertising point" - e.g. the public website | ||
** [joes/kang 2012-04-06] is the python glue on the HSM verifying that the keys it's signing are expiring after a day maximum? | |||
===Security Review Notes=== | ===Security Review Notes=== | ||
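Review bot: the added joes/kang line is entered as a second-level "**" bullet directly after mhanson's reply, so it reads as a further reply to clouserw's question about where the public and revoked keys are published, but it asks something different: whether the Python glue on the HSM checks that the keys it signs expire after a day maximum. Suggest making it a top-level "*" item so the question gets its own answer thread, and, if the one-day limit is stated elsewhere in the document, naming that section the way clouserw's item cites "Appendix B" and "Software Components".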
| Line 155: | Line 156: | ||
* server ip compromise could allow push of signing cert from root cert to malicious server. | * server ip compromise could allow push of signing cert from root cert to malicious server. | ||
* multiple refunds against non-valid transactions or just too many refunds. | * multiple refunds against non-valid transactions or just too many refunds. | ||
== Action Items == | == Action Items == | ||
* Who :: What :: By when | * Who :: What :: By when | ||