monotone-devel

[Monotone-devel] Re: key trust


From: Richard Levitte - VMS Whacker
Subject: [Monotone-devel] Re: key trust
Date: Wed, 12 Oct 2005 10:36:15 +0200 (CEST)

In message <address@hidden> on Tue, 11 Oct 2005 23:52:12 -0700, Nathaniel Smith 
<address@hidden> said:

njs> On Tue, Oct 11, 2005 at 11:26:32AM -0700, Conrad Steenberg wrote:
[...]
njs> > As an example, we issue X509 certs to every member of a
njs> > collaboration, and having to manage ssh and monotone (and
njs> > other) keys is a major administrative pain. E.g. monotone keys
njs> > are not signed and have no concept of revocation lists etc.
[...]
njs> In monotone's case, though, we actually use the signatures for
njs> something a bit different, so I think different mechanisms end up
njs> being called for.  Version control inherently revolves around
njs> long-term immutable archival.  It's just not right that old
njs> versions of your tree disappear from a branch, because the person
njs> who committed them left the project now...

I think you're operating under some false assumptions.  Just because a
certificate was revoked yesterday, it doesn't mean that a signature
made a week ago suddenly becomes invalid.  All that's needed is to
attach a datetime to the thing being signed before signing it, and
compare that to the revocation datetime to know if the signature is to
be regarded as valid or not.

The biggest trouble with X.509 certs, as I see it, is that it would
automatically mean that the monotone administrators would have to run
a CA and start signing certs for the users (it may very well be a copy
of a cert from somewhere else, that's not a problem), or trust some
local CA.  I do not see any gain in having monotone administrators
trust VeriSign for validity and then have to keep an internal list of
permitted users, because then what's the point?

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte                         address@hidden
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
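
The datetime comparison described in the message above, as an added example that is not part of the original post and is not monotone's code. It assumes HMAC-SHA256 as a stand-in for a public-key signature; the key id, key, dates and function names are constructed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone

def _sig(key: bytes, signed_at: datetime, payload: bytes) -> bytes:
    # HMAC-SHA256 stands in for a public-key signature (assumption, stdlib only).
    # The datetime is part of the signed bytes, so changing it later breaks the signature.
    msg = signed_at.isoformat().encode() + b"\n" + payload
    return hmac.new(key, msg, hashlib.sha256).digest()

def sign(key: bytes, key_id: str, payload: bytes, signed_at: datetime) -> dict:
    return {"key_id": key_id, "signed_at": signed_at, "payload": payload,
            "sig": _sig(key, signed_at, payload)}

def check(cert: dict, keys: dict, revoked_at: dict) -> str:
    """Return 'valid', 'bad-signature' or 'revoked' for one signed item."""
    key = keys.get(cert["key_id"])
    if key is None:
        return "bad-signature"
    expected = _sig(key, cert["signed_at"], cert["payload"])
    if not hmac.compare_digest(cert["sig"], expected):
        return "bad-signature"
    # A revoked key only invalidates signatures dated at or after the revocation.
    cutoff = revoked_at.get(cert["key_id"])
    if cutoff is not None and cert["signed_at"] >= cutoff:
        return "revoked"
    return "valid"

def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, 12, 0, tzinfo=timezone.utc)

# Constructed sample data: one key, revoked on 2005-10-11.
KEY_ID = "alice@example.org"
KEYS = {KEY_ID: b"constructed-demo-key"}
REVOKED_AT = {KEY_ID: utc(2005, 10, 11)}
OLD = sign(KEYS[KEY_ID], KEY_ID, b"revision 1", utc(2005, 10, 4))
LATE = sign(KEYS[KEY_ID], KEY_ID, b"revision 2", utc(2005, 10, 12))
# Same signature as LATE, but with the date field edited after signing.
TAMPERED = dict(LATE, signed_at=utc(2005, 10, 4))

if __name__ == "__main__":
    for name, cert in (("old", OLD), ("late", LATE), ("tampered", TAMPERED)):
        print(name, check(cert, KEYS, REVOKED_AT))
```

The datetime here is whatever the signer asserts, so the comparison is only as trustworthy as that clock; a timestamp from a trusted third party is needed if the key itself may have been misused.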



