Comments on the module-file format

Sean Mullan Sean.Mullan at Sun.COM
Wed Feb 3 14:34:10 PST 2010


I'm still coming up to speed on jigsaw itself, but I read through the latest 
module format and had a couple of quick comments from a security perspective.

- are the current hashes intended to be primarily used as a checksum or are they 
also designed as input into a subsequent signing operation? (or is that TBD). 
The hash and the data can be replaced, for example, by a man-in-the-middle 
without detection.

- as for the signature itself, one possible suggestion is to consider reusing 
the existing PKCS#7 format that we use for JAR signatures. PKCS#7 already 
defines a format for holding the necessary certificates and is extensible to 
support various signature algorithms. And of course there is already PKCS#7 
support in the JRE. PKCS#7 is also designed to support single-pass processing.

Thanks,
Sean
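The point in the first bullet, as an added example that is not part of the original post and not code from the Jigsaw project: a module file whose only integrity check is an embedded, unkeyed hash is accepted after an in-transit substitution, because whoever replaces the content can simply recompute the hash. Once the hash is also signed with the publisher's private key, the same substitution fails verification unless the attacker holds that key. Ed25519 from the Go standard library stands in for the PKCS#7/JAR-style signature the post proposes; the module-file struct and its content are constructed for this illustration and are assumptions, not the real format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// ModuleFile is a constructed stand-in for a module file that carries its
// content plus an unkeyed SHA-256 hash of that content. The layout is an
// assumption made for this example only.
type ModuleFile struct {
	Data []byte
	Hash [32]byte
}

func NewModuleFile(data []byte) ModuleFile {
	return ModuleFile{Data: data, Hash: sha256.Sum256(data)}
}

// ChecksumOK is all a consumer can check when the file carries only a hash:
// it catches accidental corruption, but says nothing about who produced it.
func ChecksumOK(mf ModuleFile) bool {
	return mf.Hash == sha256.Sum256(mf.Data)
}

// Substitute models the man-in-the-middle from the post: the content is
// replaced and the hash recomputed to match, so the checksum still passes.
func Substitute(replacement []byte) ModuleFile {
	return NewModuleFile(replacement)
}

// SignedModuleFile additionally carries a signature over the hash, made with
// the publisher's private key (Ed25519 here as a stand-in for PKCS#7).
type SignedModuleFile struct {
	ModuleFile
	Sig []byte
}

func Sign(priv ed25519.PrivateKey, data []byte) SignedModuleFile {
	mf := NewModuleFile(data)
	return SignedModuleFile{ModuleFile: mf, Sig: ed25519.Sign(priv, mf.Hash[:])}
}

// SubstituteSigned is the same substitution against a signed file: the
// attacker can recompute the hash but can only reuse the old signature.
func SubstituteSigned(sm SignedModuleFile, replacement []byte) SignedModuleFile {
	return SignedModuleFile{ModuleFile: NewModuleFile(replacement), Sig: sm.Sig}
}

// Verify checks that the hash matches the content AND that the hash was
// signed by the key matching pub. A swapped content+hash pair fails the
// second check because the signature covers the original hash.
func Verify(pub ed25519.PublicKey, sm SignedModuleFile) bool {
	return ChecksumOK(sm.ModuleFile) && ed25519.Verify(pub, sm.Hash[:], sm.Sig)
}

// Demo runs both scenarios and reports what each consumer would accept.
func Demo() (checksumOnlyAccepted, genuineSignedAccepted, substitutedSignedAccepted bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	original := []byte("module foo @ 1.0 { class Foo }")         // constructed content
	replacement := []byte("module foo @ 1.0 { class Tampered }") // constructed substitute

	// Hash only: the substituted file is indistinguishable from a genuine one.
	checksumOnlyAccepted = ChecksumOK(Substitute(replacement))

	// Hash + signature: genuine file verifies, substituted file does not.
	signed := Sign(priv, original)
	genuineSignedAccepted = Verify(pub, signed)
	substitutedSignedAccepted = Verify(pub, SubstituteSigned(signed, replacement))
	return checksumOnlyAccepted, genuineSignedAccepted, substitutedSignedAccepted, nil
}

func main() {
	a, b, c, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("hash-only consumer accepts substituted file:  %v\n", a)
	fmt.Printf("signature consumer accepts genuine file:      %v\n", b)
	fmt.Printf("signature consumer accepts substituted file:  %v\n", c)
}
```

Running it prints true / true / false: the unkeyed hash is recomputable by anyone on the path, so it only ever detects corruption, while the signed hash binds the content to a key the man-in-the-middle does not have. The same holds for any signature scheme the format eventually adopts, PKCS#7 included; what matters is that the verifier checks the signature against a trusted certificate rather than merely recomputing the hash.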
