Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 17 19:36:00 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3I2a01H005545 for ; Tue, 17 Apr 2007 19:36:00 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3I2a2N6005249 for ; Tue, 17 Apr 2007 19:36:02 -0700 Message-Id: <200704180236.l3I2a2N6005249@bourbon.usc.edu> To: cs551@merlot.usc.edu Subject: Re: About delete Date: Tue, 17 Apr 2007 19:36:02 -0700 From: william@bourbon.usc.edu Someone wrote: > I am not clear how the delete works? > When a node gets a delete packet it verifies it with all the .pem files > he has in his home directory and then matches the contents(file name, > sha1, nonce) provided in the delete packet > nad then deletes the file.. > is it the right flow isn't it very inefficient or am I missing something? This is inefficient. If you look at the sample signed File Spec: http://merlot.usc.edu/cs551-s07/projects/cert/signed.txt You should see that the following 3 lines are visible to your program: FileName=... SHA1=... Nonce=... So, you can extract the FileName, SHA1, and Nonce values from a signed File Spec *before* to try to verify any digital signatures. Then you can use, say, the SHA1 index structure to find all files with the same SHA1 files, open their metadata files and find a subset that has the same Noce (hopefullly, there is only one such file since you should not have duplicates), then apply the corresponding certificate file to verify digital signature. -- Bill Cheng // bill.cheng@usc.edu