monotone-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Monotone-devel] Re: Rosterify and certificate keys

From: Bruce Stephens
Subject: [Monotone-devel] Re: Rosterify and certificate keys
Date: Tue, 11 Apr 2006 15:38:23 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) 
address@hidden writes:

[...]

> Maybe, when everything has to be recertified because of a change in
> the way things are certified, what we need is a new-style
> certificate that certifies that the object had been properly
> certified.  That wat the new certificate could be signed by a new
> signer and contain the information that the original one had been
> signed by whoever signed it.  This decouples somewhat the identity
> of the person responsible for the original content from trust in the
> person signing the new ceriticate.

Maybe.  My guess is that the monotone cabal would argue that that's a
lot of complexity for events that (they hope) will be rare, that
complexity in security systems is bad, and that this would be mostly
to support the current trust stuff which isn't really very good
anyway.

Maybe there's a general utility in allowing people to attach certs to
certs, or something like that.  Maybe just to add their own signatures
to existing certs?  I don't think it's obviously a good idea, though.

(There is no monotone cabal, of course.)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]