[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] Re: Multiple private keys in 0.24
|
From: |
Daniel THOMPSON |
|
Subject: |
Re: [Monotone-devel] Re: Multiple private keys in 0.24 |
|
Date: |
Mon, 05 Dec 2005 08:55:17 +0000 |
On Mon, 2005-12-05 at 01:03 +0000, Bruce Stephens wrote:
> It seems a bit overcomplex, though; what's the rationale for wanting
> to call different keys by the same name anyway? Is it just the
> limited namespace for keys (a restricted form of email address), or is
> it just the upgrade issue?
Assuming one works on multiple projects (e.g. monotone and coLinux) then
having separate keys with the same e-mail address does make sense to
some degree. For example if the private key for one project is
compromised then only that project needs to go to the trouble of
revoking the key (and reviewing all changes signed with that key).
Although if the keys were compromised by a single weak password or a
bug in monotone then I guess it is likely that both private keys would
be compromised at the same time.
--
Daniel Thompson (STMicroelectronics) <address@hidden>
1000 Aztec West, Almondsbury, Bristol, BS32 4SQ. 01454 462659
If a car is a horseless carriage then is a motorcycle a horseless horse?