[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] private keys: per-database vs. per-user
From: |
Richard Levitte - VMS Whacker |
Subject: |
Re: [Monotone-devel] private keys: per-database vs. per-user |
Date: |
Wed, 19 Jan 2005 08:09:09 +0100 (CET) |
In message <address@hidden> on Tue, 18 Jan 2005 21:28:33 -0800, Nathaniel Smith
<address@hidden> said:
njs> My question, though, is this. Would we want to continue to
njs> support storing keys in one's database at all?
(yes, at least the public keys :-))
njs> Can anyone come up with any use cases where it is important to
njs> store separate private keys for separate projects?
There's the typical paranoid case: what happens if someone steals or
cracks your private key? Do you really want *all* the projects you
take part in (not just *your* projects) to be exposed at once? If my
private key was stolen (not likely, but I can't assume it's
impossible), monotone will be affected since it is used to sign
whatever I contribute there.
Of course, the issue can be resolved by using different key IDs for
each key (I could have used address@hidden for the key I
use for monotone development), or having each project in separate
databases (this isn't possible if you want to serve them all through
the same server).
Cheers,
Richard
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte address@hidden
http://richard.levitte.org/
"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis