[Monotone-devel] Re: SPKI/SDSI

[Bruce Stephens]

Nathaniel Smith <address@hidden> writes:

> I've been reading RFC 2693 [ftp://ftp.isi.edu/in-notes/rfc2693.txt] to
> prepare for CodeCon, so I can talk about plans for trust management
> without seeming totally ignorant of relevant literature :-).  It's an
> interesting read; I think there are enough differences in problem
> domain to make it non-ideal for monotone, but it's a good basis for
> discussion.  So, good thing to read (or at least skim) at some point
> if people are interested in this stuff.

Also <http://www.crypto.com/trustmgt/kn.html> is interesting.

I must admit all these things feel like nifty technical solutions in
search of too few actual problems.

In theory I think there's lots of things you could do in a uniform way
if everyone would just agree on one framework to use, but in reality
almost all specific problems seem adequately (if not completely)
solvable using simpler (if specific) solutions.  (And so long as
there's no obvious winner, it's not worth anyone going with a system
that really could do everything.)

My guess is that'll be so for whatever problems there are for
monotone: it'll be not too bad to add one or two features, and now and
again add an epicycle or two, and the immediate requirements can be
satisfied.

As a specific example, get_revision_cert_trust would probably be more
useful if it had access to all the certs for a revision.  I could
imagine wanting to ignore tags other than my own on my own branches,
and probably there are other examples.  Maybe similarly for
accept_testresult_change.  

Hmm, maybe there ought to be an lua function that returns certs for a
revision.  Then the interface for get_revision_cert_trust could just
be the revision id, name, and value, and it returns true or not,
having examined whatever certs it wants?