Re: [Monotone-devel] [RFC] versioned policy -- introduction

[Nathaniel Smith]

On Thu, Sep 07, 2006 at 09:07:43AM +0200, Richard Levitte - VMS Whacker wrote:
> In message <address@hidden> on Thu, 07 Sep 2006 09:06:15 +0200 (CEST), 
> Richard Levitte - VMS Whacker <address@hidden> said:
> 
> richard> I still don't understand why keys would be stored by name.  In the
> richard> rest of the security community, keys are identified by a form of 
> hash,
> richard> or a fingerprint if you will.  There is of course the usual risk that
> richard> you can get two keys with the same hash (fingerprint), but since a 
> key
> richard> has certain properties and a structure that can't be altered without
> richard> invalidating it, the risk is minimal, so in essense, you can
> richard> practically say that there's a 1:1 mapping between keys and their
> richard> fingerprint.
> 
> Oh, and I'm not saying that *users* should have to identify keys by
> key id, just the software itself.

User names are exactly the ones I'm talking about :-).

It's important that a community has a shared vocabulary for
referencing objects.  I'll suppress my impulse to go off on a long
digression about the relation between this goal and pet names systems,
SPKI, blah blah blah, but basically the point is that no-one is going
to use key hashes to see who committed that last change, and the group
has to agree on these names so they can talk to each other.

-- Nathaniel

-- 
"...All of this suggests that if we wished to find a modern-day model
for British and American speech of the late eighteenth century, we could
probably do no better than Yosemite Sam."