From: Timothy Brownawell
Subject: Re: [Monotone-devel] Security is hard. Let's work on policy branches anyway.
Date: Mon, 22 Jan 2007 19:19:03 -0600

On Tue, 2007-01-23 at 12:03 +1100, Brian May wrote:
> What happens if Bob's access needs to be revoked, not because we don't
> trust him anymore, but because we no longer trust his key (e.g. his
> laptop was stolen).
>
> Presumably, all signatures before the event can still be trusted, but
> new ones can't be trusted. How do we allow new users to pull from a
> database which contains versions from no-longer trusted signatures?
Presumably we'll have a way to explicitly list which certs by a revoked
key should be trusted.
> Bob will need to create a new key, but as his email address remains
> constant how do you distinguish the old key from the new key?
You don't identify the key by a human-readable name. Instead, you
identify it by its hash, and there's a users/ section in the policy tree
that maps the hash to something human-readable for UI purposes. So you
rename the lost key, and add the new one (maybe even with the same
name).
--
Timothy
Free (experimental) public monotone hosting: http://mtn-host.prjek.net
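
The scheme discussed in this message, sketched as an added example that is not part of the original post and is not monotone code: keys are identified by hash, a `users` map supplies display names, and a revoked key keeps only an explicit list of trusted certs. The `Policy` class, the SHA-256 identifiers, the cert fields and all sample keys are hypothetical, and signatures are assumed to be verified elsewhere.

```python
import hashlib

def key_id(pubkey: bytes) -> str:
    # Assumption: SHA-256 of the public-key bytes stands in for the key hash.
    return hashlib.sha256(pubkey).hexdigest()

def cert_id(signer: str, revision: str, value: str) -> str:
    # Hypothetical cert identifier: hash over signer key hash and cert content.
    return hashlib.sha256(f"{signer}\0{revision}\0{value}".encode()).hexdigest()

class Policy:
    """Hypothetical in-memory stand-in for the policy tree."""
    def __init__(self):
        self.users = {}    # key hash -> human-readable name (UI only)
        self.revoked = {}  # revoked key hash -> cert ids explicitly still trusted

    def add_key(self, pubkey: bytes, name: str) -> str:
        kid = key_id(pubkey)
        self.users[kid] = name
        return kid

    def revoke(self, kid: str, new_name: str, keep_certs) -> None:
        # Rename the lost key and record which of its certs remain trusted.
        self.users[kid] = new_name
        self.revoked[kid] = set(keep_certs)

    def trusts(self, signer: str, revision: str, value: str) -> bool:
        # Trust decisions use the key hash only; names never enter into it.
        if signer not in self.users:
            return False
        if signer in self.revoked:
            return cert_id(signer, revision, value) in self.revoked[signer]
        return True

def demo() -> dict:
    p = Policy()
    old = p.add_key(b"constructed-old-key", "bob@example.com")
    # Cert made before the laptop was stolen: listed explicitly at revocation.
    p.revoke(old, "bob@example.com (lost key)", [cert_id(old, "rev1", "approved")])
    # The replacement key can reuse the same name; its hash differs.
    new = p.add_key(b"constructed-new-key", "bob@example.com")
    return {
        "old_cert": p.trusts(old, "rev1", "approved"),   # listed, still trusted
        "forged": p.trusts(old, "rev2", "approved"),     # signed after the theft
        "new_cert": p.trusts(new, "rev3", "approved"),
        "unknown": p.trusts(key_id(b"constructed-unknown-key"), "rev1", "approved"),
        "distinct_ids": old != new,
    }

if __name__ == "__main__":
    print(demo())
```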