[e-lang] Module naming and identification
zooko
zooko at zooko.com
Sun Apr 12 23:48:09 EDT 2009
> It would be better if there was a standardized URI-which-designates-
> the-data-with-this-hash
There have been some stabs at using cryptographically strong
identifiers for software packaging. A notable one is Microsoft's
"Strong Names" scheme [1].
This is a full-on decentralized, secure namespace using public keys
so that authors can dynamically issue new versions of modules. The
public keys themselves are included in the "strong names", so there
is no added layer of indirection "from names to public keys" to screw
things up.
That is: instead of denoting only a fixed, immutable version of the
data by using its secure hash, you can also denote "data signed by
the following public key", which allows new versions of the modules
to be accepted.
Unfortunately I don't know a lot about the use of these "strong
names" in practice. My vague impression is that the tradition in
deploying Microsoft applications is just to bundle a copy of every
library you need with your app and configure the app to use only the
bundled versions that it brought itself. If it is true that this is
the only way people do things in Microsoft world, then this implies
that the innovative and powerful "strong names" packaging system is
simply not used.
Perhaps part of the situation is that people have the typical
misunderstandings from their identity-oriented paradigm. The
wikipedia page [2] contains almost no information other than this
delightful quote: "A common misconception is that Strong keys add
security.".
Other examples of this pattern include various p2p schemes such as
"Magnet URIs" [3], Freenet [4], and my own project, Tahoe-LAFS [5].
Another is the Python "setuptools" tool, which accepts an optional
md5sum in the fragment of a package URL, and if that fragment is
present then setuptools rejects the package downloaded from that URL
if it doesn't match the md5sum.
And then there is the wildcard: git. Perhaps in the not-too-distant
future hackers who have been using git's Cryptographic-Hash-Function-
Directed-Acyclic-Graph structure to manage their source code will
start using it also to manage their object code, and a full linux
distribution will spring up overnight with tens of thousands of
packages which identify each other by their SHA-1 hash. Unfortunately
git doesn't currently have "public keys as identifiers" the way that
Microsoft Strong Names, Freenet, and Tahoe do.
Regards,
Zooko
[1] http://msdn.microsoft.com/en-us/library/wd40t7ad.aspx
[2] http://en.wikipedia.org/w/index.php?title=Strong_name
[3] http://en.wikipedia.org/wiki/Magnet_link
[4] http://freenetproject.org
[5] http://allmydata.org/trac/tahoe/browser/docs/specifications/file-encoding.txt
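
The URL-fragment check mentioned in the message (a digest carried in the package URL, with the download rejected on mismatch), as an added example that is not part of the original post and is not setuptools' own code. The function names, the `require_pin` option, the sha256 support and the example.invalid URLs are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlsplit

# md5 is the digest the post mentions; sha256 is an addition for comparison.
ALLOWED = ("md5", "sha256")


class HashMismatch(Exception):
    """Downloaded bytes do not match the digest pinned in the URL."""


def pinned_digest(url):
    """Return (algo, hexdigest) from an 'algo=hex' URL fragment, else None."""
    pairs = parse_qsl(urlsplit(url).fragment, keep_blank_values=True)
    for key, value in pairs:
        algo, digest = key.lower(), value.lower()
        if algo not in ALLOWED:
            continue
        # A malformed pin is an error, never silently "no pin".
        want = hashlib.new(algo).digest_size * 2
        if len(digest) != want or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"malformed {algo} digest in URL fragment")
        return algo, digest
    return None


def verify_download(url, data, require_pin=False):
    """Return True if data matches the pin, False if the URL has no pin.

    Raises HashMismatch on a mismatch, or when require_pin is set and the
    URL carries no digest (the optional check made mandatory).
    """
    pin = pinned_digest(url)
    if pin is None:
        if require_pin:
            raise HashMismatch("URL carries no digest fragment")
        return False
    algo, expected = pin
    actual = hashlib.new(algo, data).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise HashMismatch(f"{algo} mismatch: got {actual}, pinned {expected}")
    return True


# Constructed sample data: a package body and URLs that pin it.
PACKAGE = b"print('hello from demo-1.0')\n"
BASE = "https://example.invalid/demo-1.0.tar.gz"
MD5_URL = BASE + "#md5=" + hashlib.md5(PACKAGE).hexdigest()
SHA_URL = BASE + "#sha256=" + hashlib.sha256(PACKAGE).hexdigest()
```

A pin of this kind is only as trustworthy as the channel that delivered the URL, and MD5 no longer resists collisions, so a modern digest and a mandatory pin are the safer settings.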