monotone-devel
Re: [Monotone-devel] Dealing with lost key


From: Timothy Brownawell
Subject: Re: [Monotone-devel] Dealing with lost key
Date: Sun, 18 Jan 2009 02:29:48 +0000

On Sat, 2009-01-17 at 15:05 -0800, dlakelan wrote:
> Timothy Brownawell wrote:
> > On Thu, 2009-01-15 at 14:19 -0800, dlakelan wrote:
> >> I've lost a key which has been used to certify a variety of things in 
> >> one project. I've generated a new key, and now I'd like to replace all 
> >> the old certificates with new certificates from the new key, and have my 
> >> collaborators do the same... so we don't get a lot of warnings about 
> >> incorrect certs. How can I do this?
> > 
> > There's no simple way to replace certs like that; the easiest solution
> > is to just keep them and make sure the new key has a different name.
> ...
> > If you really do need to delete the old certs and generate new ones,
> > something along these lines would probably work (not tested, may ruin
> > your db)...
> ....
> 
> Thanks for your suggestions. I think we will simply keep the old public 
> key and certs.
> 
> If there is no way to invalidate a key, then it seems difficult to deal 
> with a security issue such as when a key is compromised and that key may 
> be signing malicious code which collaborators are unaware of... for example.
> 
> From a security standpoint, it seems to me that monotone should have a 
> way to at the very least, expire trust in a key.

Currently the only way to do that is with the get_revision_cert_trust
lua hook,
   http://monotone.ca/docs/Hooks.html#Trust-Evaluation-Hooks
which will have to be set up by everyone. (Yes, we know this isn't
ideal.)

> Also, if asked to generate a new key, monotone should refuse if that key 
> name is already known to monotone, unless some kind of 
> --force-overwrite-key switch is given...perhaps it already does?

It does.

> Finally, the documentation should stress the fact that two keys with the 
> same name are not supported...

...I guess this would go in the Concepts => Certificates section (1.4).

>  and it seems to me that it should be 
> possible within monotone to ask it to drop signatures and to re-sign 
> certificates with a new key.

Dropping anything really doesn't work with our architecture. If *anyone*
forgets to drop it, it will come back next time that person syncs.

> Thanks to the monotone developers for a very nice revision control system!
> Dan

:)
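
An added example (not part of the original message and not monotone's own code) of the kind of get_revision_cert_trust hook the reply refers to: it stops trusting certs that are vouched for only by a lost or compromised key. The key name is a constructed placeholder, and accepting both string and table signer entries is an assumption about differences between monotone releases.

```lua
-- Added example: distrust certs signed only by a lost or compromised key.
-- Key names listed here are constructed placeholders, not real keys.
local distrusted_keys = {
   ["old-lost-key@example.com"] = true,
}

-- Assumption: older monotone releases pass each signer as a plain key-name
-- string, newer ones pass a table with a `name` field. Handle both.
local function signer_name(signer)
   if type(signer) == "table" then
      return signer.name
   end
   return signer
end

-- monotone calls this hook for a cert (name, val) on revision `id`, passing
-- the keys whose signatures on that cert verified. Return true to trust it.
function get_revision_cert_trust(signers, id, name, val)
   for _, signer in pairs(signers) do
      local key = signer_name(signer)
      if key ~= nil and not distrusted_keys[key] then
         -- At least one signer is not on the distrust list.
         return true
      end
   end
   -- Every valid signature comes from a distrusted key (or there were none).
   return false
end
```

As the reply says, every collaborator has to install the same hook (for example in their monotonerc) for the distrust to apply everywhere. Because the match is on key name, the replacement key needs a different name from the lost one.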