diff options
author | Joey Hess <joeyh@joeyh.name> | 2017-04-19 20:07:47 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2017-04-19 20:07:47 -0400 |
commit | f7999cecc2bb0c76d88005444478e8500c624786 (patch) | |
tree | 9deccd684e1333dca028d980489892ac4189582b /TODO | |
parent | 6f7cf857b408401abdc4477c888495b4f13162c7 (diff) | |
download | debug-me-f7999cecc2bb0c76d88005444478e8500c624786.tar.gz |
fully working signatures
This commit was sponsored by Ethan Aubin.
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 7 |
1 files changed, 3 insertions, 4 deletions
@@ -6,13 +6,12 @@ matter.) * loadLog should verify the hashes (and signatures) in the log, and refuse to use logs that are not valid proofs of a session. -* Encryption! -* Add random nonce to start message, to avoid replay issues. - (Or perhaps the encryption derives a RSA key in a way that avoids - replay..) * Network! * Server! * gpg key downloading, web of trust checking, prompting Alternatively, let debug-me be started with a gpg key, this way a project's website can instruct their users to "run debug-me --trust-gpg-key=whatever" +* Multiple developers should be able to connect to a single debug-me + user. Most of the code was written with that in mind, but not tested + yet.. |