Proposal for a (future) evolution of Possum Software
- The scope is the Protocol and Software Suite of the Signing Server.
- At the moment, this is assumed not to change from the current suite. Future enhancements to the Protocol would see a re-engineering, as suggested by the requirements in Possum.
- The current suite could be improved for footprint and security.
- See
- - Possum for main information
- - Technology/Laboratory/Software/Possum for the developed design scope of the Software (this page)
- - Technology/Laboratory/Hardware/Possum for the developed design scope of the Hardware
- - Brain/Study/Possum/Hardware for the ongoing project concept
Requirements
Software
- - Capable of digital signing
- - Signing of keys to make certs
- - Basic checks over certs
- - Signing of revocations to make CRLs or OCSP
- - Keeps logs of all requests received and handled
- - Delivers logs on request
- - Offloading and deletion of logs
- - Protocol driver
- - Handles all requests
- - Handles restart / loss of sync or somesuch
- - Management access
- - Logging of management access, commands issued
Protocol
- - Certificate operations
- - Certificate signing
- - Certificate revocation
- - Roots are multiple and hierarchical
- - Serial number control? Who is responsible, caller or server?
- - Capable of layering over different packet networks.
- - Request-response model
- - Simple layout
- - Some Management requests
- - Timesync
- - Vital statistics request
- - Highly reliable
- - Survives loss of communication
- - Syncing / reset
- - Simple layout
- - Not readable text
- - Capable of multiple implementations, including basic-to-oo.
Management Interface
- All of these features are as required by the rest of the design.
- - Create roots or load up roots
- - Check status of logs
- - Check vital statistics
- - Debug
- - Backup / offload