Bug 64989 - RFE: rpm and rhmask
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: rpm
Version: 1.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jeff Johnson
Reported: 2002-05-15 18:25 UTC by R P Herrold
Modified: 2007-04-18 16:42 UTC (History)

Last Closed: 2004-02-26 04:35:35 UTC

Description R P Herrold 2002-05-15 18:25:26 UTC
This is a 'confirmation of conversation' piece


rhmask, if not explicitly deprecated, is de-emphasized in the present installs.

BUT: It enables a secure infrastructure (I write this, having lunched at a
national financial institution's main office, and speaking with their Open
Source Architect, a Network Security person, and an architect for a monolithic
graphical 'server' vendor LDAP variant implementation project)

rhmask is tiny. -- It could move into rpm without too much effort or size
penalty, and provide a tool for management of enciphered content.

It lacks some features: from memory, it is using a symmetric, X-or class
encipherment, based upon the hash of a pre-existent package.
-- it enciphers the entire package, rather than just the payload, preventing it
from being able to 'play well' with the RPM sub-payload signing and potential
encipherment capability
-- it lacks asymmetric cipher support, and clean PKI hooks

Compare:
-- RPM is rolling in the GPL'd beecrypt library
-- RPM is solving and will complete solving database 'decruftification' issues
-- RPM is solving PKI validation and revocation, and verification issues

Distributing enciphered keyed information (as rhmask enables), will incidentally
facilitate keychain maintenance for the GPG layers.

============

So proposal is:
- Move rhmask into RPM
- extend rhmask with asymmetric, and PKI enabled confirmation of keys,
capabilities.

Comment 1 R P Herrold 2004-02-26 04:35:35 UTC
stale - closing

