Comments on the module-file format
Sean Mullan
Sean.Mullan at Sun.COM
Wed Feb 3 14:34:10 PST 2010
I'm still coming up to speed on jigsaw itself, but I read through the latest
module format and had a couple of quick comments from a security perspective.
- are the current hashes intended to be primarily used as a checksum or are they
also designed as input into a subsequent signing operation? (or is that TBD).
The hash and the data can be replaced, for example, by a man-in-the-middle
without detection.
- as for the signature itself, one possible suggestion is to consider reusing
the existing PKCS#7 format that we use for JAR signatures. PKCS#7 already
defines a format for holding the necessary certificates and is extensible to
support various signature algorithms. And of course there is already PKCS#7
support in the JRE. PKCS#7 is also designed to support single-pass processing.
Thanks,
Sean
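The point raised above, that a bare hash shipped next to the data it covers gives no integrity against an active attacker while a signature over that hash does, as an added worked example that is not part of the original post or of the Jigsaw project. It uses only the Python standard library, so an HMAC under a key the attacker does not hold stands in for the asymmetric (PKCS#7-style) signature the mail proposes; the verification logic is the same in shape, only the key material differs. The module payloads and the package layout are constructed for this example and are not the Jigsaw module-file format.

```python
import hashlib
import hmac
import secrets

# Constructed sample payloads; not real Jigsaw module files.
ORIGINAL_PAYLOAD = b"module com.example { requires java.base; }"
TAMPERED_PAYLOAD = b"module com.example { requires attacker.code; }"


def package_unsigned(payload: bytes) -> dict:
    """Package the data with a plain hash alongside it (checksum only)."""
    return {"data": payload, "hash": hashlib.sha256(payload).digest()}


def verify_unsigned(pkg: dict) -> bool:
    """A checksum only proves the hash matches the data it arrived with."""
    return hmac.compare_digest(hashlib.sha256(pkg["data"]).digest(), pkg["hash"])


def mitm_rewrite_unsigned(pkg: dict, new_payload: bytes) -> dict:
    """An in-path attacker simply recomputes the hash for the new data."""
    return package_unsigned(new_payload)


def package_signed(payload: bytes, key: bytes) -> dict:
    """Hash the data, then sign the hash (HMAC stands in for a signature)."""
    digest = hashlib.sha256(payload).digest()
    sig = hmac.new(key, digest, hashlib.sha256).digest()
    return {"data": payload, "hash": digest, "sig": sig}


def verify_signed(pkg: dict, key: bytes) -> bool:
    """Check hash-matches-data, then check the signature over the hash."""
    digest = hashlib.sha256(pkg["data"]).digest()
    if not hmac.compare_digest(digest, pkg["hash"]):
        return False
    expected = hmac.new(key, digest, hashlib.sha256).digest()
    return hmac.compare_digest(expected, pkg["sig"])


def mitm_rewrite_signed(pkg: dict, new_payload: bytes) -> dict:
    """Without the key the attacker can update data and hash, but not sig."""
    return {
        "data": new_payload,
        "hash": hashlib.sha256(new_payload).digest(),
        "sig": pkg["sig"],  # stale signature over the old hash
    }


def demo() -> dict:
    """Run both scenarios and report whether tampering was detected."""
    key = secrets.token_bytes(32)  # held by publisher and verifier only

    unsigned = package_unsigned(ORIGINAL_PAYLOAD)
    unsigned_ok_before = verify_unsigned(unsigned)
    unsigned_ok_after = verify_unsigned(
        mitm_rewrite_unsigned(unsigned, TAMPERED_PAYLOAD))

    signed = package_signed(ORIGINAL_PAYLOAD, key)
    signed_ok_before = verify_signed(signed, key)
    signed_ok_after = verify_signed(
        mitm_rewrite_signed(signed, TAMPERED_PAYLOAD), key)

    return {
        "checksum_accepts_original": unsigned_ok_before,
        # True here means the swap went undetected.
        "checksum_accepts_tampered": unsigned_ok_after,
        "signature_accepts_original": signed_ok_before,
        "signature_accepts_tampered": signed_ok_after,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The checksum-only package verifies cleanly after the swap because the attacker controls both fields; the signed package fails because the stale signature no longer matches the recomputed hash. Replacing the HMAC with a real signature changes only who can produce `sig` (private-key holder) and who can check it (anyone with the certificate), which is exactly what a PKCS#7-style envelope would carry.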