[Kfwdev] time stamp server gotcha with bkw.pl rollback.

Kevin Koch kpkoch at MIT.EDU
Fri Apr 20 10:37:27 EDT 2007


I prefer /sign <timeserver>, but let's wait to hear why Sam said to not do
that.

-----Original Message-----
From: Jeffrey Altman [mailto:jaltman at secure-endpoints.com] 
...
It is not possible to sign anything because the timestamp
server is specified in the custom config file as part of the Signing
Command Template.  When the version of the config file from the build
tree is used the signing fails because there is no replacement for the
TIMESTAMPSERVERGOESHERE string. 

How do you want to address this?

Would you prefer a new command line option to specify the timestamp
server and have it be substituted into the Signing Command Template?  Or
would you prefer that a signing command file be provided?  For example,
the /sign command could take an option

     /sign <sign-command>

where the bkw.pl would simply execute

    <sign-command> [file-list]

as a method of passing in this information. If you just want to pass
in the timeserver it could be

    /sign <timeserver>

and then the Signing Command Template would need to substitute for the
TIMESERVERGOESHERE string.

Which would you prefer?
...




