OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Tibor SZABO (szabo.tiborLN.MATAV.HU)
Date: Tue Feb 27 2001 - 07:15:54 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    >>>>>>>>>>>>>>
    Isn't the ECL merely based on string matching of the signer
    rather than checking a certificate or an encrypted key?
    <<<<<<<<<<<<<<

    The ECL elements are strings, but the execution controlling itself is based
    on digital signatures.

    If somebody signs a piece of program-code with a fake "Lotus Notes Template
    Development" ID (as someone mentioned eralier in this list), or signs a
    piece of code with any other fake ID with a name, which already has a
    corresponding Notes cross-certificate entry in your personal address-book,
    during the execution of this code your Notes client program warns you in a
    pop-up window, that this signature is invalid - and you have opportunity to
    abort_the_execution, execute_it_only_once or trust_signer. "Trust signer"
    allows the execution of ALL_unsigned_piece_of_code with this type of tasks
    in the future.

    If a piece of code has a known signature ("known" means that it already has
    a corresponding Notes cross-certificate entry in your personal
    address-book), then your notes client performs the required task, if it is
    allowed in the ECL for that name. If the execution of this type of task is
    not allowed, then you will be warned in a pop-up window - and you have
    opportunity to abort_the_execution, execute_it_only_once or trust_signer.

    If a piece of code has an unknown signature, your notes client performs the
    required task only when the -default- entry in the ECL allows the
    execution. If not allowed (for -defaulft-) this task, then you will be
    warned in a pop-up window - and you have opportunity to
    abort_the_execution, execute_it_only_once or trust_signer. "Trust signer"
    allows ALL_piece_of_code_with_unknown_signature on them this type of tasks
    in the future.

    If a piece of code has no signature at all, your notes client performs the
    required task only when the -unsigned- entry in the ECL allows the
    execution. If not allowed (for -unsigned-) this task, then you will be
    warned in a pop-up window - and you have opportunity to
    abort_the_execution, execute_it_only_once or trust_signer. "Trust signer"
    allows ALL_piece_of_code_without_signature on them this type of tasks in
    the future.

    Allowing a function by ECL means, that in the future you won't be warned
    when this type of task is to be executed. Of course you can revoke any
    permission at any time.

    Tibike

    ps: sorry my bad English