Re: [Monotone-devel] private keys: per-database vs. per-user

[Richard Levitte - VMS Whacker]

In message <address@hidden> on Tue, 18 Jan 2005 21:28:33 -0800, Nathaniel Smith 
<address@hidden> said:

njs> My question, though, is this.  Would we want to continue to
njs> support storing keys in one's database at all?

(yes, at least the public keys :-))

njs> Can anyone come up with any use cases where it is important to
njs> store separate private keys for separate projects?

There's the typical paranoid case: what happens if someone steals or
cracks your private key?  Do you really want *all* the projects you
take part in (not just *your* projects) to be exposed at once?  If my
private key was stolen (not likely, but I can't assume it's
impossible), monotone will be affected since it is used to sign
whatever I contribute there.

Of course, the issue can be resolved by using different key IDs for
each key (I could have used address@hidden for the key I
use for monotone development), or having each project in separate
databases (this isn't possible if you want to serve them all through
the same server).

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte                         address@hidden
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis