[tahoe-dev] [tahoe-lafs] #839: Copying directories containing caps from the future
zooko at zooko.com
Tue Nov 24 04:48:07 UTC 2009
On Monday, 2009-11-23, at 17:51 , James A. Donald wrote:
> As always, I recommend Microsoft's MIDL/com as a example of general
> purpose, future proof, protocol negotiation for binary complied
> objects. Microsoft has been the technology leader in this field
> and is worthy of imitation.
Huh, that's interesting. Could you summarize for us the engineering
lessons, or point to some source which does?
I don't know anything about MIDL/com, but I know that Microsoft is
the leader in deploying secure identifiers for code, with their
"strong names" system in which the identifier of a library (called an
"assembly" in CLR terms) includes the public key which can be used to
verify the signatures on that library:
Reading through that tutorial again, I'm amused to see that, while
they use public key cryptography so that you can keep the same
identifier and have it refer to new versions (which is what you can't
do if you just use the secure hash of the object as the identifier of
the object), that their assembly-loading policy will not allow you to
change the X.Y.Z.Q version number! So you can use strong names to
securely load newer versions of the library, but only if you keep the
four-part version number the same as the older version. Heh heh heh.
More information about the tahoe-dev