Re: [Monotone-devel] Re: key trust


From: Richard Levitte - VMS Whacker
Subject: Re: [Monotone-devel] Re: key trust
Date: Wed, 12 Oct 2005 19:15:20 +0200 (CEST)

In message <address@hidden> on Wed, 12 Oct 2005 08:55:09 -0700, Nathaniel Smith 
<address@hidden> said:

njs> I don't understand -- Alice writes out a cert saying "in June, I
njs> say version da39 is good".  Then her cert gets revoked with a
njs> July timestamp.  So Bob trusts the cert that says "in June, ...",
njs> because June < July.  Then in December Mallory comes along, with
njs> his cracked copy of Alice's old key, and writes out a cert saying
njs> "in June, I say version 0123 is good".  So Bob trusts _that_ cert
njs> too...

Others noted this too, and of course, it would mean we would need to
be able to find trustable time somewhere, which is usually a trustable
time server.

However, come to think of it, the time issue is really not much of an
issue, as long as revocation can be checked.  It doesn't matter if
Eve or Mallory can make signatures at any time or with any date,
because to spread their work, they will need to make it available
through netsync, and since that's signed with their key, they would
be stopped from spreading their work from the point of revocation on.
It would mean that whatever they did between their last push/pull/sync
and the point of revocation is lost, but that's true as well if you,
as a server administrator, decide to remove their public key from the
server database in the current implementation.

I'm sure there are some corner cases that would still have to be
thought through.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte                         address@hidden
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
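
Added example (not part of the original message and not monotone code): a small Python model of the two policies discussed in this thread, trusting the date written inside a cert versus checking revocation when the cert arrives over sync. The Cert fields, the REVOKED table, the revision "beef" and all dates are constructed for illustration, and the receive time is assumed to come from the server's own clock.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Cert:
    key_id: str
    revision: str
    claimed: date   # date written by the signer; covered by the signature
    received: date  # date the server saw it arrive over sync (server clock)

# Constructed data: Alice's key is revoked with a July timestamp.
REVOKED = {"alice": date(2005, 7, 1)}

def trust_by_claimed_date(cert: Cert) -> bool:
    """Policy questioned in the quoted text: compare the signer's own date."""
    revoked_on = REVOKED.get(cert.key_id)
    return revoked_on is None or cert.claimed < revoked_on

def accept_at_sync(cert: Cert) -> bool:
    """Policy from the reply: ignore the claimed date, refuse any delivery
    made under a key that is already revoked when the sync happens."""
    revoked_on = REVOKED.get(cert.key_id)
    return revoked_on is None or cert.received < revoked_on

# Constructed certs, all signed with Alice's key.
CERTS = {
    # Genuine: signed and pushed in June.
    "alice_june": Cert("alice", "da39", date(2005, 6, 10), date(2005, 6, 10)),
    # Backdated: made in December with the cracked key, claims June.
    "mallory_backdated": Cert("alice", "0123", date(2005, 6, 15), date(2005, 12, 1)),
    # Corner case: genuinely signed in June, pushed only after revocation.
    "alice_late_push": Cert("alice", "beef", date(2005, 6, 28), date(2005, 7, 5)),
}

def evaluate() -> dict:
    """Return {name: (trusted_by_claimed_date, accepted_at_sync)}."""
    return {name: (trust_by_claimed_date(c), accept_at_sync(c))
            for name, c in CERTS.items()}

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:18} claimed-date={verdict[0]!s:5} sync-check={verdict[1]}")
```

The alice_late_push row is the "work is lost" case mentioned in the message: a genuine cert that was not pushed before the revocation point is refused along with the backdated one.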



