Signing events

rdenny at dc3.com rdenny at dc3.com
Fri Mar 2 18:20:11 PST 2012 

John --

I would be interested in your "area of concern" for the digital signature scheme described in the IVOA Note http://www.ivoa.net/Documents/latest/VOEventDigiSig.html. It is implemented in Dakota and has worked well so far. 

  -- Bob


On Jan 25, 2012, at 1:36, John Swinbank <swinbank at transientskp.org> wrote:

> Hello,
> 
> Thanks Rob & Bob for your comments!
> 
> As LOFAR gets nearer to implementing automatic response to TOOs, we're starting to consider the real nuts & bolts of the situation. One of the obvious questions is how can we be certain that the events we're responding to are real alerts from the facilities we're interested in, and not malicious or accidental forgeries. I'm not sure how likely forged events are, but it seems to be a possibility we should at least consider, given the potential disruption & expense they could cause.
> 
> Both of the solutions mooted seem broadly technically viable (although I have a couple of areas of concern about both), but it's disappointing to see no widespread community support yet. I guess that's something we need to work on…
> 
> Cheers,
> 
> John
> 
> 
> On 24 Jan 2012, at 23:46, Rob Seaman wrote:
> 
>> Hi John,
>> 
>> I believe both remain valid points of view.  What the WG had decided - at least for v2.0 - was not to include explicit hooks for the signatures in the schema itself, but this shouldn't strongly impact any of the options.  Few of the many and varied transient alert projects have had strong immediate signing requirements.  Do you have a specific project need here?
>> 
>> Rob
>> --
>> 
>> On Jan 24, 2012, at 6:18 AM, John Swinbank wrote:
>> 
>>> Dear all,
>>> 
>>> Forgive me ignorance,
> 
> (And my typing!)
> 
>>> but I'm trying to get up to speed on previous discussions about signing VOEvents. I've seen Bob Denny's proposal at <http://www.ivoa.net/Documents/latest/VOEventDigiSig.html> and Steve Allen's publication (Astron. Nach., 329, 298-300, 2008). Both of those are a few years old now, though, and I'm wondering if either of them have gained community support/acceptance or if they state of the art has moved on to something different.
>>> 
>>> I've had quick browse through the mailing list archives, but can't seen anything very conclusive. Any thoughts or references on current best practice?
>>> 
>>> Thanks!
>>> 
>>> John
>> 
> 
> 
>

More information about the voevent mailing list