[tahoe-dev] [tahoe-lafs] #839: Copying directories containing caps from the future

Zooko Wilcox-O'Hearn zooko at zooko.com
Mon Nov 23 20:48:07 PST 2009


On Monday, 2009-11-23, at 17:51 , James A. Donald wrote:

> As always, I recommend Microsoft's MIDL/com as an example of general  
> purpose, future proof, protocol negotiation for binary compiled  
> objects.  Microsoft has been the technology leader in this field  
> and is worthy of imitation.

Huh, that's interesting.  Could you summarize for us the engineering  
lessons, or point to some source which does?

I don't know anything about MIDL/com, but I know that Microsoft is  
the leader in deploying secure identifiers for code, with their  
"strong names" system in which the identifier of a library (called an  
"assembly" in CLR terms) includes the public key which can be used to  
verify the signatures on that library:

http://msdn.microsoft.com/en-us/magazine/cc163583.aspx

Reading through that tutorial again, I'm amused to see that, while  
they use public key cryptography so that you can keep the same  
identifier and have it refer to new versions (which is what you can't  
do if you just use the secure hash of the object as the identifier of  
the object), their assembly-loading policy will not allow you to  
change the X.Y.Z.Q version number!  So you can use strong names to  
securely load newer versions of the library, but only if you keep the  
four-part version number the same as the older version.  Heh heh heh.

Regards,

Zooko
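The contrast Zooko draws above, as an added example that is not part of the original mail and not Tahoe-LAFS or .NET code: a small Go model of a key-based identifier ("strong name") versus a content-hash identifier, plus a loader that enforces the exact four-part version policy he describes. It assumes Ed25519 signatures and a SHA-256 key hash purely for illustration; the real .NET strong-name format, key algorithm and public-key-token derivation differ, and the `Assembly`, `Publish`, `Load`, `StrongName` and `ContentID` names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Assembly is a hypothetical model of a strong-named library: a name, a
// four-part version, the publisher's public key, the payload, and a signature
// over (name, version, payload). It is NOT the real .NET assembly format.
type Assembly struct {
	Name    string
	Version [4]int
	PubKey  ed25519.PublicKey
	Payload []byte
	Sig     []byte
}

// signedBytes is the message the publisher signs: metadata plus payload, so
// neither the version label nor the code can be swapped without detection.
func (a *Assembly) signedBytes() []byte {
	v := a.Version
	msg := fmt.Sprintf("%s|%d.%d.%d.%d|", a.Name, v[0], v[1], v[2], v[3])
	return append([]byte(msg), a.Payload...)
}

// StrongName is the key-based identifier: name plus a hash of the public key.
// It stays the same across every version signed by the same key.
func (a *Assembly) StrongName() string {
	h := sha256.Sum256(a.PubKey)
	return a.Name + "/pk:" + hex.EncodeToString(h[:8])
}

// ContentID is the alternative Zooko contrasts with: a hash of the bytes
// themselves. It necessarily changes whenever the payload changes.
func (a *Assembly) ContentID() string {
	h := sha256.Sum256(a.Payload)
	return hex.EncodeToString(h[:8])
}

// Publish creates and signs a new version of a library with the publisher key.
func Publish(priv ed25519.PrivateKey, name string, ver [4]int, payload []byte) *Assembly {
	a := &Assembly{Name: name, Version: ver, Payload: payload}
	a.PubKey = priv.Public().(ed25519.PublicKey)
	a.Sig = ed25519.Sign(priv, a.signedBytes())
	return a
}

// Load models a caller's reference to strong name `want` at exactly version
// `ver`. It checks (1) the identifier matches, which binds the publisher key,
// (2) the signature verifies under that key, and (3) the four-part version
// matches exactly, the policy the mail above is amused by.
func Load(want string, ver [4]int, cand *Assembly) error {
	if cand.StrongName() != want {
		return errors.New("strong name mismatch: different name or publisher key")
	}
	if !ed25519.Verify(cand.PubKey, cand.signedBytes(), cand.Sig) {
		return errors.New("bad signature: payload or metadata was altered")
	}
	if cand.Version != ver {
		return fmt.Errorf("version %v does not match requested %v", cand.Version, ver)
	}
	return nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	ver := [4]int{1, 0, 0, 0}
	v1 := Publish(priv, "Example.Lib", ver, []byte("constructed v1 code"))
	v2 := Publish(priv, "Example.Lib", ver, []byte("constructed v2 code"))
	fmt.Println("same strong name:", v1.StrongName() == v2.StrongName()) // true
	fmt.Println("same content id: ", v1.ContentID() == v2.ContentID())   // false
	fmt.Println("load v2 via v1's name:", Load(v1.StrongName(), ver, v2)) // <nil>
	v3 := Publish(priv, "Example.Lib", [4]int{1, 0, 0, 1}, []byte("constructed v3 code"))
	fmt.Println("load 1.0.0.1 as 1.0.0.0:", Load(v1.StrongName(), ver, v3)) // version error
}
```

The `main` shows the two halves of the point at once: the key-hash identifier lets v2 load under the name that was assigned to v1, while a content hash could not, but the exact-version check still refuses 1.0.0.1 when 1.0.0.0 was requested.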
