[darcs-users] Data Integrity

Florent Becker florent.becker at ens-lyon.org
Mon Apr 13 08:01:07 UTC 2009


> Btw, the actual signing should not be very heavy. True, RSA is slow,
> but you are only applying RSA on a 40-character string. Computing the
> hash is fast too because SHA1 is fast. The really slow part is going
> to be commuting patches in order to find the minimal context for the
> patch.

The crucial question for this is to know in which scenario you are:
1/ Do you want to be able to pull safe (signed) patches from an untrusted
repository?
2/ If so, do you want to be able to pull them even if they have been 
commuted in the untrusted repo? (i.e.: do you want to use the untrusted
repos as a source of patches, or as a cache where commutation deletes
the patches)

If the answer to 1 is “no”, then you don't gain anything by signed patches
over a secured patch exchange protocol. In paranoid mode, just have your
trusted repositories only pull from each other.

If the answer to 2 is “no”, then you don't gain anything by adding a minimal
context to signed patches. Just have every commutation delete the signature¹.

If the answers to 1 and 2 are “yes”, then you do need minimal contexts, but
they add significant complexity in record (which becomes quadratic), which is
going to be unacceptable for many people. In that case you'd want to make
record and sign/compute minimal context two separate operations, so that
for example, I only need quadratic time for the patches I send to my Eritrean
dissident friends².

Florent

¹ In fact, you can make it be "every commutation that changes the patch
representation".

² Why is it always the military oppression which gets to use cryptography?
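
Added example (not part of the original message and not darcs code): a toy model of the policy in footnote ¹, where a commutation deletes a signature only when it changes the patch's representation. Assumptions: patches are simple line hunks, HMAC stands in for the RSA signature over the 40-character SHA-1 digest, and all names (Hunk, Signed, commute_signed, the sample patches) are hypothetical.

```python
import hashlib, hmac
from typing import NamedTuple, Optional

KEY = b"constructed-demo-key"  # constructed; stands in for the signer's key

class Hunk(NamedTuple):
    line: int    # 0-based line where the hunk applies
    old: tuple   # lines removed
    new: tuple   # lines inserted

class Signed(NamedTuple):
    hunk: Hunk
    sig: Optional[str]   # None means the signature was deleted

def digest(h: Hunk) -> str:
    """40-character SHA-1 hex digest of the hunk's representation."""
    return hashlib.sha1(repr(tuple(h)).encode()).hexdigest()

def sign(h: Hunk) -> Signed:
    # HMAC over the digest: a stdlib stand-in for RSA over the 40-char string.
    return Signed(h, hmac.new(KEY, digest(h).encode(), hashlib.sha256).hexdigest())

def verify(s: Signed) -> bool:
    return s.sig is not None and hmac.compare_digest(s.sig, sign(s.hunk).sig)

def commute(p: Hunk, q: Hunk):
    """Reorder 'p then q' into 'q2 then p2'; None if the hunks overlap."""
    if q.line >= p.line + len(p.new):      # q below p: q's line number moves
        return q._replace(line=q.line - (len(p.new) - len(p.old))), p
    if q.line + len(q.old) <= p.line:      # q above p: p's line number moves
        return q, p._replace(line=p.line + len(q.new) - len(q.old))
    return None

def commute_signed(sp: Signed, sq: Signed):
    """Commute, keeping a signature only if the representation is unchanged."""
    res = commute(sp.hunk, sq.hunk)
    if res is None:
        return None
    keep = lambda s, h: Signed(h, s.sig if digest(h) == digest(s.hunk) else None)
    return keep(sq, res[0]), keep(sp, res[1])

# Constructed sample patches (q's coordinates are those after p is applied).
ADD_HEADER = sign(Hunk(0, (), ("# header",)))        # changes the line count
SAME_SIZE = sign(Hunk(0, ("a",), ("b",)))            # keeps the line count
EDIT_BELOW = sign(Hunk(5, ("x = 1",), ("x = 2",)))

if __name__ == "__main__":
    for first in (ADD_HEADER, SAME_SIZE):
        print([(s.hunk.line, verify(s)) for s in commute_signed(first, EDIT_BELOW)])
```

Without a signed minimal context, the commuted hunk in the first case can no longer be checked against the original signature, which is the situation scenario 2 is about.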
