The OOBD Book
- Web UI
- Setup your Developer Environment
The OOBD Book
|OOBD Team||S. Koehler|
|Request for Comments:4|
|Category: Draft Standard||Jan 2013|
This memo provides information about how PGP data encryption is implemented in OOBD. Distribution of this memo is unlimited.
Copyright (C) OOBD Team (2013). All Rights Reserved.
This memo describes only the technical implementation, but it's not a introduction into PGP or into data encryption as such. For more information see the reference list
PGP is a popular and well proven system to en- and decrypt data. But use it in its normal setup, means encrypting by the originator (script developer) direct to the end user would give some disadvantages:
To surround these limitations, OOBD uses a different approach:
The OOBD security concept distinguish between three different roles:
Each data file belongs to one usage group. This is realized practically by the directories in the script repository, in which the files are located, where the directory name represents the usage group
For each user:
When the user is going to use a file, the following process happens inside the application
This RFC raises security issues. It's need to make sure that the secret key files and expecially both passphases are protected against unauthorized access and reverse engineering.
Phone: +49 172 410 35 98
Copyright (C) OOBD Team (2012). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the OOBD Team organizations, except as needed for the purpose of developing standards in which case the procedures for copyrights defined in the Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the OOBD Team or its successors or assigns.
This document and the information contained herein is provided on an “AS IS” basis and THE OOBD TEAM DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.“ Relation to other RFCs
The OOBD-RFC announcements are distributed via the firstname.lastname@example.org mailing list.
To join (or quit) the list goto https://groups.google.com/forum/?hl=de&fromgroups=#!forum/oobd-commit-messages