
Re: [Monotone-devel] Dealing with lost key


From: dlakelan
Subject: Re: [Monotone-devel] Dealing with lost key
Date: Sat, 17 Jan 2009 15:05:51 -0800
User-agent: Mozilla-Thunderbird 2.0.0.17 (X11/20081018)

Timothy Brownawell wrote:
> On Thu, 2009-01-15 at 14:19 -0800, dlakelan wrote:
> > I've lost a key which has been used to certify a variety of things in one project. I've generated a new key, and now I'd like to replace all the old certificates with new certificates from the new key, and have my collaborators do the same... so we don't get a lot of warnings about incorrect certs. How can I do this?
>
> There's no simple way to replace certs like that, the easiest solution
> is to just keep them and make sure the new key has a different name.
> ...
> If you really do need to delete the old certs and generate new ones,
> something along these lines would probably work (not tested, may ruin
> your db)...
> ....

Thanks for your suggestions. I think we will simply keep the old public key and certs.

If there is no way to invalidate a key, then it seems difficult to deal with a security issue such as when a key is compromised and that key may be signing malicious code which collaborators are unaware of... for example.

From a security standpoint, it seems to me that monotone should have a way to, at the very least, expire trust in a key.

Also, if asked to generate a new key, monotone should refuse if that key name is already known to monotone, unless some kind of --force-overwrite-key switch is given... perhaps it already does?

Finally, the documentation should stress the fact that two keys with the same name are not supported... and it seems to me that it should be possible within monotone to ask it to drop signatures and to re-sign certificates with a new key.

Thanks to the monotone developers for a very nice revision control system!
Dan
