path: root/dev/archive/signing.mdwn
Diffstat (limited to 'dev/archive/signing.mdwn')
-rw-r--r-- dev/archive/signing.mdwn | 97
1 files changed, 34 insertions, 63 deletions
diff --git a/dev/archive/signing.mdwn b/dev/archive/signing.mdwn
index 0dfd6be..0076ae8 100644
--- a/dev/archive/signing.mdwn
+++ b/dev/archive/signing.mdwn
@@ -11,6 +11,12 @@ retrieve packages from the archive.
Implementation
==============
+**TODO:** ProteanOS is implementing [Ed25519][ed25519] signatures, likely
+without OpenPGP PKI. The pro-archman and prokit sections below will need some
+rethinking.
+
+**TODO:** Consider [ucert][].
+
ProteanOS Archive Manager
-------------------------
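Review bot: the first added TODO says the Ed25519 design is "likely without OpenPGP PKI", but the next hunk adds a prokit design built entirely on OpenPGP machinery (HKPS key servers, key signatures, revocation certificates, user IDs), so the two additions in this change pull in opposite directions. Either mark the prokit paragraphs as superseded alongside this TODO, or phrase the TODO so it is clear which of the two designs is the current plan. A note on which OpenPGP properties still need an equivalent under usign (revocation, key transition, expiry) would make the "rethinking" actionable, since usign keys carry none of that metadata by themselves.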
@@ -39,6 +45,18 @@ key(s) into their keyring.
If keys are distributed with prokit, **revocations and key transitions need to
be handled somehow**.
+New keys can be distributed with new versions of prokit, though this would
+require users to upgrade prokit to get new keys. Revocations, being more of a
+security risk that can go unnoticed by users, would need to be more actively and
+immediately received by users. prokit could perhaps check a key server (over
+HKPS) each time before using a key.
+
+And if prokit needs to check key servers anyway, it could also use them to find
+new archive signing keys, as long as at least one "seed" key is distributed with
+prokit. prokit should find and use only archive signing keys (by a user ID
+specified in the profile) that are signed by a non-revoked previous key (or a
+signed chain of keys with the user ID).
+
A user already has to import a key into their own keyring to verify their prokit
download. Maybe it's better to just instruct users to also download the archive
signing key(s) into their keyrings. This takes advantage of existing PKI, and
@@ -51,66 +69,19 @@ Suggestions welcome.
Opkg
----
-The opkg package manager supports verifying package feeds. This feature
-requires linking against the [GnuPG Made Easy (GPGME) library][gpgme].
-
-ProteanOS packages for GPGME and its dependencies need to be prepared and
-uploaded. gpgme depends on libgpg-error (packaged and uploaded) and libassuan.
-Its testsuite depends on gnupg. gnupg in turn depends on libgpg-error,
-libgcrypt, libassuan, libksba, and npth. libgcrypt depends on libgpg-error.
-Below is a DOT-language digraph representation of these dependencies that can be
-rendered with Graphviz.
-
-Once gpgme and its dependencies are packaged in ProteanOS, opkg can be built
-with package feed verification. This feature should be optional. The `opkg`
-source package should have two builds, with and without verification enabled.
-This will probably mean generating new binary packages `opkg-gpg` and
-`libopkg.1-gpg` (which will conflict with `opkg` and `libopkg.1` respectively)
-and installing data files into binary package directories without the aid of
-`oh-installfiles`. Although, option 1 of the [[static_libopkg|pkg/opkg/static]]
-plan would simplify this by getting rid of the `libopkg.1` and `libopkg.1-dev`
-packages altogether. The `opkg` source package could then build just `opkg`,
-`opkg-gpg`, `opkg-dbg`, and `opkg-doc` binary packages.
-
-The DOT-language dependency graph (which can be rendered as a PNG image with the
-command pipeline in the header comment, if saved as `gpgme.dot`):
-
- /*
- * Dependencies of GPGME
- *
- * Render by running:
- * ccomps -x gpgme.dot | dot | gvpack | neato -n2 -Tpng -ogpgme.png
- */
-
- digraph deps {
- graph [fontname="FreeSans"];
- node [fontname="FreeSans"];
- edge [fontname="FreeSans"];
-
- subgraph cluster_gpgme {
- style = filled;
- color = "#0093dd";
- node [style=filled];
- label = "gpgme";
-
- "gpgme" [color=red];
- "libgpg-error" [color=green];
- "libassuan" [color=red];
- "gnupg" [color=red];
- "libgcrypt" [color=red];
- "libksba" [color=red];
- "npth" [color=red];
- }
-
- "gpgme" -> "libgpg-error";
- "gpgme" -> "libassuan";
- "gpgme" -> "gnupg" [color=gray,label="testsuite"];
- "gnupg" -> "libgpg-error";
- "gnupg" -> "libgcrypt";
- "gnupg" -> "libassuan";
- "gnupg" -> "libksba";
- "gnupg" -> "npth";
- "libgcrypt" -> "libgpg-error";
- }
-
-[gpgme]: https://www.gnupg.org/software/gpgme/index.html
+ProteanOS [[now|dev/opkg/future]] uses [opkg-lede][] with [usign][], a
+lightweight implementation of the [Ed25519][ed25519] public-key signature
+system.
+
+Archive Keyring
+---------------
+
+The package archive keyring will need to be maintained in a ProteanOS package.
+Key transitions, expiration changes, and revocations will be performed by
+revisions to this package. It should possibly be upgraded automatically to
+ensure that installed systems always have up-to-date keys.
+
+[ucert]: https://git.openwrt.org/?p=project/ucert.git;a=blob;f=README.md;hb=HEAD
+[opkg-lede]: https://git.openwrt.org/?p=project/opkg-lede.git;a=summary
+[usign]: https://git.openwrt.org/?p=project/usign.git;a=summary
+[ed25519]: https://ed25519.cr.yp.to/
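Review bot: the Archive Keyring section says key transitions and revocations "will be performed by revisions to this package" and that it "should possibly be upgraded automatically", but the keyring package is itself fetched from the archive and verified against the keys it replaces, so the ordering constraint needs to be written down: a new key must be shipped in a keyring revision that is still signed by a currently trusted key, and the old key can only be dropped in a later revision once installed systems have had a chance to pick up the new one. Revoking the only trusted key in a single revision would lock every installed system out of the archive with no upgrade path. Automatic upgrade also means the keyring package is a high-value target, so the text should say whether it gets any stricter verification than an ordinary package (for example, requiring a signature from more than one key during a transition window). On the earlier TODO, [ucert][] is worth mentioning here rather than only at the top, since delegated certificate chains are the usign-side answer to exactly this transition problem. The removal of the GPGME material and the `[gpgme]` reference definition is consistent: no remaining line in the file uses that reference.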