[Webfunds-commits] java/webfunds TODO_SCW
Edwin Woudt
edwin@webfunds.org
Wed, 16 Aug 2000 21:22:57 +0000
> I. Sanity checking is needed:
>
> + (* that these are all potential checks may be also conducted within
> + Contract.verify, now called in FinishSig after Signing. But, earlier
> + checks would be good too.)
If you can provide a verify method that works on an unsigned contract
without keys, then an early check is trivial to implement.
BTW: it is very unclear to me in this list which things are fixed and which
not.
> + I.a) Contract - all these can be repaired and saved on the fly
> +
> + + no trailing spaces
> + + uniform line endings
OpenPGP removes these automagically, so I would consider these fixed.
> + + for the secret key, wouldn't a popup box be better for the
> passphrase? (one presumes this signals that the key is quickly
> decrypted, used, then the decrypted version is disposed of
> quickly... may not be the case.)
Would probably be better, but was harder to implement, so that's why I went
with the popup box.
> + - now picks up dud passphrase but takes about 30 seconds the
> + first time to find out... Must be SecureRandom?
Yup, SecureRandom.
> + I.d) Signed Contract
> +
> + * signature made is correct and verifiable with contents of
> contract no additional chars introduced, strip sig and keys
> and diff with initial prototype contract.
I have got no clue what you are trying to say here.
> II. Presentation.
>
> + Some of the notes assume that the concept of "Wizard" is
> modifiable, (as discussed...) which may be a bad assumption.
I don't remember this discussion, and I don't think most people on -devel
have seen this. Could you eleborate?
> + d.2 Needs a save button to save out that file to the original
> + Name or a browsed name. Need to recall the name.
Save button is a bad idea, as it defeats the idea of a wizard, but yes it
is a good idea to have a similar feature.
Edwin