You can clone with
HTTPS or Subversion.
via email from @benadida
Split bin/bigtent code into two components: one that does almost everything except keysigning, and the other that does keysigning. As in the typical BrowserID code, the keysigning functionality should be proxied from the first component to the other. This is so we have a layer of defense in case attackers penetrate the top-level machine, they don't have access to the keysigning functionality.
I recommend we do this in much the same way we BrowserID splitting. In fact, Lloyd's figured out so much of the details of proxying properly that we really should reuse his code as is, maybe even turn it into a reusable.
Assigning to lloyd, as he expressed interest.
Our code freeze date is 5/20 and this will take me 3-4 days, so let me know if I should take this one.
You can see how I tackled this in
Probably you'll have a much easier time with the codez.
I got sick and was supposed to have helped on this by now. Am I too late if I spend a timeboxed couple hours in the next 24?
No, you'll be more efficient than me, go for it.
Please take Issue #28 into account.
I've begun work on this: https://github.com/lloyd/browserid-keysigner
It's a functional keysigner at this point. I'll clean up documentation and the initial implementation work on integration here.
hows this look?
This is awesome. I'll comment on commits in that repo.
Do you have a branch of bigtent which uses keysigner?
no! not yet. I will make this one of my goals for tomorrow. I have a tiny handful of issues open before I can attack this
(issues here, I mean: https://github.com/lloyd/browserid-keysigner/issues)
@lloyd has landed the new service.
I've integrated it in the 'certifier' BT branch.
Will merge after code cleanup and other patches land to avoid conflicts.
I've merged the new certifier code.
The next time you update BigTent....
You must deploy a certifier locally.
You must update your config with hostname and port of the certifier.
The certifier must be running before starting up bigtent.
See updated docs in both BigTent and Certifier
/cc @callahad @fetep