Re: [Monotone-devel] Re: Rosterify and certificate keys

[hendrik]

On Tue, Apr 11, 2006 at 10:25:11AM +0200, Richard Levitte - VMS Whacker wrote:
> In message <address@hidden> on Tue, 11 Apr 2006 09:31:07 +0200, Tom Koelman 
> <address@hidden> said:
> 
> tkoelman> > It's yucky, but necessary when history gets rebuilt.
> tkoelman> 
> tkoelman> I understand that. It would be very pleasant though, when
> tkoelman> given a collection of private keys, the conversion process
> tkoelman> would try to keep as much certificate keys original as
> tkoelman> possible.
> 
> Uhmm, do you really hold all the needed *private* keys, or just your
> own?  I dunno about you, but if it was my project, I wouldn't want to
> have my fellow developpers' private keys.

While it's still not clear to me why everything needs to be re-signed, I 
am resigned to the new reality.

Maybe, when everything has to be recertified because of a change in the 
way things are certified, what we need is a new-style certificate that 
certifies that the object had been properly certified.  That wat the 
new certificate could be signed by a new signer and contain the 
information that the original one had been signed by whoever signed it.  
This decouples somewhat the identity of the person responsible for the 
original content from trust in the person signing the new ceriticate.

-- hendrik