From: Junio C Hamano <gitster@pobox.com>
To: Dave Borowitz <dborowitz@google.com>
Cc: Shawn Pearce <spearce@spearce.org>, git <git@vger.kernel.org>
Subject: Re: [PATCH 3/7] pack-protocol.txt: Mark all LFs in push-cert as required
Date: Mon, 06 Jul 2015 09:57:46 -0700 [thread overview]
Message-ID: <xmqq615x2ph1.fsf@gitster.dls.corp.google.com> (raw)
In-Reply-To: <CAD0k6qRLu1d7Sa8aVrHtDCsJNtVXwzHBAyOmmUHmVAx7qHmOPg@mail.gmail.com> (Dave Borowitz's message of "Mon, 6 Jul 2015 12:38:20 -0400")
Dave Borowitz <dborowitz@google.com> writes:
> The server can munge pkt-lines and reinsert LFs, but it _must_ have
> some way of reconstructing the payload that the client signed in order
> to verify the signature. If we just naively insert LFs where missing,
> we lose the ability to verify the signature.
I still do not understand this part.
There is no way to "naively" insert, is there? You have an array of
lines (each of which you have already stripped its terminating LF at
its end). How else other than adding one LF at the end of each
element do you reconstruct the original multi-line string the client
signed? Are there other ways that makes the result ambiguous??
> If we say the payload the client signs MUST have LFs only in certain
> places, then that gives the server enough information to reconstruct
> the payload and verify the signature.
>
> But if we say the signed payload MUST have LFs and the wire payload
> MAY have LFs, then now we have two completely different formats, only
> one of which is documented.
I thought that was what I was saying. The wire protocol sends the
contents of each line (both what is signed and the signature) on a
separate packet. When I say "contents of a line", I do not include
the terminating LF as part of the line (iow, LF is not even
optional; the terminating LF is not considered as part of "the
contents of a line"). It becomes irrelevant that a pkt-line may or
may not have a trailing optional LF. If there is LF at the end of a
packet between "push-cert" and "push-cert-end" packets, that LF by
definition cannot be part of the "contents of a line" in a
certificate.
It is just a pkt-line framing artifact you can and should remove if
you are doing a "split to array, join with LF" implementation to
recover the original string.
And that is very much consistent with the way we send other things
with pkt-line protocol. Each packet up to the first flush is
expected to have <object name> and <refname> as ref advertisement.
The pkt-line framing may or may not add a trailing LF, but LF is not
part of <refname>. It is not even part of the payload; merely an
artifact of pkt-line framing.
next prev parent reply other threads:[~2015-07-06 16:57 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-01 18:08 [PATCH 0/7] Clarify signed push protocol documentation Dave Borowitz
2015-07-01 18:08 ` [PATCH 1/7] pack-protocol.txt: Add warning about protocol inaccuracies Dave Borowitz
2015-07-01 19:39 ` Jonathan Nieder
2015-07-01 19:52 ` Junio C Hamano
2015-07-01 19:56 ` Dave Borowitz
2015-07-01 18:08 ` [PATCH 2/7] pack-protocol.txt: Mark LF in command-list as optional Dave Borowitz
2015-07-01 18:21 ` Stefan Beller
2015-07-01 18:46 ` Dave Borowitz
2015-07-01 18:08 ` [PATCH 3/7] pack-protocol.txt: Mark all LFs in push-cert as required Dave Borowitz
2015-07-01 20:00 ` Junio C Hamano
2015-07-01 20:07 ` Dave Borowitz
2015-07-01 20:49 ` Junio C Hamano
2015-07-06 14:46 ` Dave Borowitz
2015-07-06 15:22 ` Dave Borowitz
2015-07-06 15:27 ` Dave Borowitz
2015-07-06 15:29 ` Dave Borowitz
2015-07-06 15:35 ` Dave Borowitz
2015-07-06 16:12 ` Junio C Hamano
2015-07-06 15:46 ` Shawn Pearce
2015-07-06 16:28 ` Junio C Hamano
2015-07-06 16:28 ` Junio C Hamano
2015-07-06 16:38 ` Dave Borowitz
2015-07-06 16:57 ` Junio C Hamano [this message]
2015-07-06 17:11 ` Dave Borowitz
2015-07-06 17:18 ` Dave Borowitz
2015-07-06 17:34 ` Junio C Hamano
2015-07-06 17:38 ` Dave Borowitz
2015-07-06 18:06 ` Junio C Hamano
2015-07-06 18:08 ` Dave Borowitz
2015-07-06 18:23 ` Junio C Hamano
2015-07-06 17:30 ` Junio C Hamano
2015-07-06 17:35 ` Dave Borowitz
2015-07-06 17:59 ` Junio C Hamano
2015-07-01 20:36 ` Junio C Hamano
2015-07-01 20:39 ` Junio C Hamano
2015-07-02 13:53 ` Jeff King
2015-07-03 17:45 ` Junio C Hamano
2015-07-03 18:07 ` Jeff King
2015-07-03 18:43 ` Shawn Pearce
2015-07-03 18:46 ` Jeff King
2015-07-01 18:08 ` [PATCH 4/7] pack-protocol.txt: Elaborate on pusher identity Dave Borowitz
2015-07-01 18:58 ` Junio C Hamano
2015-07-01 18:08 ` [PATCH 5/7] pack-protocol.txt: Be more precise about pusher-key relationship Dave Borowitz
2015-07-01 18:08 ` [PATCH 6/7] pack-protocol.txt: Mark pushee field as optional Dave Borowitz
2015-07-01 18:56 ` Junio C Hamano
2015-07-01 19:06 ` Dave Borowitz
2015-07-01 19:07 ` Junio C Hamano
2015-07-01 19:08 ` Junio C Hamano
2015-07-01 19:31 ` Dave Borowitz
2015-07-01 18:08 ` [PATCH 7/7] send-pack.c: Die if the nonce is empty Dave Borowitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqq615x2ph1.fsf@gitster.dls.corp.google.com \
--to=gitster@pobox.com \
--cc=dborowitz@google.com \
--cc=git@vger.kernel.org \
--cc=spearce@spearce.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.