[Webfunds-commits] java/webfunds TODO_SCW
Ian Grigg
iang@cypherpunks.ai
Mon, 28 Aug 2000 12:14:25 -0400 (AST)
iang 00/08/28 12:14:24
Modified: webfunds TODO_SCW
Log:
update from edwin's post, includes DONE fields for the record, will delete next.
Revision Changes Path
1.10 +31 -26 java/webfunds/TODO_SCW
Index: TODO_SCW
===================================================================
RCS file: /home/webfunds/cvsroot/java/webfunds/TODO_SCW,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- TODO_SCW 2000/08/26 13:55:09 1.9
+++ TODO_SCW 2000/08/28 16:14:24 1.10
@@ -5,8 +5,7 @@
I.a) Contract - all these can be repaired and saved on the fly
+ no trailing spaces (stripped in verify)
- (Done??)
- (Not stripped from saved text, but minor point)
+ (DONE)
+ uniform line endings. NB, the Contract code _rejects_
_mixed_ line endings (for example \n followed by \r\n)
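Review bot: the "(DONE)" on the trailing-spaces item in I.a replaces the caveat "(Not stripped from saved text, but minor point)" without saying whether the saved text is now stripped too or the caveat was simply dropped. The item itself says stripping happens in verify, so record which case applies, for example by keeping the caveat next to the DONE marker if the saved text is still unstripped.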
@@ -24,20 +23,28 @@
I.b) PKI
* top level [cert] signs [contract] signing key (and itself)
+ (DONE)
* contract signing key signs itself (and the contract, I.d below)
+ (DONE)
* server key only signs itself
+ (DONE)
+ additional sigs that may be on the key must be stripped from
the key at this point (there is no other convenient way to do
this!)
+ (DONE)
* keys have userIdTag strings: { "[contract]" "[cert]" "[operator]" }
+ (DONE)
tags are documented in
http://www.systemics.com/docs/ricardo/issuer/server-manage.html
I.c) Secret Key
- * secret key matches contract public key
- * secret key decrypts properly (DONE)
+ * secret key matches contract public key - would be nice to have a
+ check as it is being entered, currently it is checked only during
+ the signing process.
+ * secret key decrypts properly
+ (DONE)
+ for the secret key, wouldn't a popup box be better for the passphrase?
(one presumes this signals that the key is quickly decrypted, used,
then the decrypted version is disposed of quickly... may not be the
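Review bot: the first I.c item now mixes a status ("currently it is checked only during the signing process") with a wish ("would be nice to have a check as it is being entered") in one bullet, and it is the only item in this hunk left without a DONE marker. Split it into one line recording that the match is checked at signing and a separate open item for the check on entry, so the open part is still visible once the DONE lines are deleted, as the log message says they will be.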
@@ -51,7 +58,7 @@
+ additional potential sanity check: that the signed contract can
be un-signed and contents compared with original proto-contract to
ensure that no additional chars were introduced during the signing
- process.
+ process. (defer... might think about that...)
* signifies checks that are conducted within Contract.verify(),
now called in FinishSig.next() after act of contract signing.
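Review bot: "(defer... might think about that...)" on the un-sign-and-compare item leaves no indication of what would bring it back. The item is the only check listed here that would catch characters introduced during signing, so note a condition for revisiting it, or say why the checks in Contract.verify() are considered sufficient in the meantime.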
@@ -64,20 +71,15 @@
(with platform line ending, currently has ^M on Unix).
(DONE)
- (Did not seem to change anything, still written with ^M
- in Unix to *.asc and to *.txt...)
-
b. Contract: Read File - does not describe state of contract, which must
be clean of PGP cruft, all from [keys] inclusive should be
deleted manually.
- (DONE the instruction part, not the checking part)
+ (DONE)
- (Needs more support from Contract to do this checking as Contract.java
- can only read a signed Contract.)
-
c. Bug: from "server" dialog, with nothing in the key name field,
pressing "Previous" resulting in exception message "Please select
a key" before switching back to previous screen.
+ (DONE by rewrite)
III. Coding comments (minor).
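Review bot: in item b the removed lines said only the instruction part was done and that the checking part "Needs more support from Contract" because Contract.java can only read a signed Contract; the replacement is a bare "(DONE)". State whether the check for leftover PGP cruft was implemented or the item was closed on the instruction alone. The same applies to the dropped "^M" observation above it, which reported the line-ending fix as having no visible effect on *.asc and *.txt on Unix.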
@@ -94,20 +96,28 @@
IV. Feature Requests!
- Some of the notes assume that the concept of "Wizard" is modifiable,
- (as discussed...) which may be a bad assumption.
+ i) Different methods for accessing keys.
-"A Signer" says:
-> I signed this with my commercial PGP instead of the wizard because the
-> wizard doesn't seem to recognize secring files and I want to be able to
-> use the secring and plain vanilla PGP for signing issuance orders
+ "A Signer" says:
+ > I signed this with my commercial PGP instead of the wizard because the
+ > wizard doesn't seem to recognize secring files and I want to be able
+ > to use the secring and plain vanilla PGP for signing issuance orders
- i) a. Read Keys from secring and pubring files as stored
+ a. Read Keys from secring and pubring files as stored
by popular PGP clients (mostly commercial NAI). Would
involve checking for appropriate [tags] and presenting
a choice somehow if there are multiples?
+
+ b. C&P box for keys would also be nice.
+
+ c. Generate keys [contract] and [cert] on demand so that the
+ wizard can be used for complete cycle without NAI/PGP or GPG.
+ Whilst not recommended as yet for actual use, some people will
+ be happier with this, and it makes testing easier. At some
+ stage it will become a production option, once key generation
+ reaches a "confidence" level.
- b. C&P box for keys would also be nice...
+ d. Binary keys as well as armoured keys.
ii) desperately need to save context somehow by either saving each
dialog contents out (messy) or by saving the contract fully out
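Review bot: new item i) c. is the old item iii) moved up, but the reworded first sentence drops "and organise signing of latter with former". Section I.b requires a signing relationship between the [cert] and [contract] keys, so generated keys that are never cross-signed would not pass the PKI checks; keep the signing step in the item text.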
@@ -122,9 +132,4 @@
saved in (proto)contracts read in "Read File" as the keys
for later steps.
- iii) wizard should have an option to generate required [contract]
- and [cert] keys and organise signing of latter with former.
- Whilst not recommended as yet for actual use, some people will
- be happier with this, and it makes testing easier. At some
- stage it will become a production option, once key generation
- reaches a "confidence" level.
+ (DONE!)