Trust in monotone (was Re: [Monotone-devel] newbie question - SHA1 vs serials)

From: Nathaniel Smith
Subject: Trust in monotone (was Re: [Monotone-devel] newbie question - SHA1 vs serials)
Date: Tue, 19 Apr 2005 11:19:03 -0700
User-agent: Mutt/1.5.8i

On Tue, Apr 19, 2005 at 09:50:57AM -0700, K. Richard Pixley wrote:
> In other messages, I've agreed that some form of repository
> authentication would solve the problem. Long term, I think this sort of
> feature would be very useful in monotone, even aside from the issue of
> man-in-the-middle and imposter attacks.
>
> As I read the manual, (the sum of my monotone experience), monotone is
> currently vulnerable to these problems already. And finding a means of
> addressing it would seem to be a welcome addition in any case.

We do have "repository authentication" at netsync time -- mostly as a
way to prevent public monotone servers from being turned into warez
distribution networks, etc.

For more protection, we prefer to define trust at the edges; there's
at least a somewhat thought-out design for how to do this more
systematically (the current get_revision_cert_trust hook is very much a
stopgap measure). Anyone interested can see some discussion:
http://frances.vorpus.org/~njs/mt-permission.log

Trust is also a rather serious problem with serials. The case where I
have foo.bar.com and someone sends me 1:foo.bar.com isn't so bad; the
bad case is where I have foo.bar.com and someone else sends _you_
1:foo.bar.com, you have no way to tell whether it's valid or not, and
now when I tell you "hey, can you check out this bug I'm working on
in 1:foo.bar.com?", you may unknowingly check out and run the evil
person's code instead. Hashes, you _always_ can communicate reliably.

-- Nathaniel
--
.i dei jitfa fanmo xatra
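An added illustration of the point made in the message above (example code, not part of the original mail or of monotone itself): a serial such as 1:foo.bar.com is only a name, so the recipient has nothing local to check the delivered content against, whereas a content hash lets the recipient recompute and reject a substituted revision. The two revision payloads, the peer "databases" and the fetch helpers are all constructed for this example.

```python
import hashlib

# Constructed sample payloads; these are not real monotone revisions.
GENUINE = b"revision: fix off-by-one in parser\n"
IMPOSTER = b"revision: fix off-by-one in parser\n# plus code you never wrote\n"


def content_id(data: bytes) -> str:
    """Self-certifying identifier: the SHA-1 of the content itself."""
    return hashlib.sha1(data).hexdigest()


def fetch_by_serial(peer_db: dict, serial: str) -> bytes:
    """A serial ('1:foo.bar.com') is just a label chosen by whoever sent it.
    Whatever the peer stored under that label is returned unchecked, because
    the label carries no information about the content it should name."""
    return peer_db[serial]


def fetch_by_hash(peer_db: dict, wanted: str) -> bytes:
    """A hash identifier carries its own check: recompute before accepting."""
    data = peer_db[wanted]
    if content_id(data) != wanted:
        raise ValueError("content does not match the requested hash; refusing")
    return data


def serial_scenario() -> bool:
    """I tell you to look at '1:foo.bar.com', but a third party has already
    sent you their own content under that serial.  Returns True when you end
    up with the imposter's revision without any way to notice."""
    your_db = {"1:foo.bar.com": IMPOSTER}  # what was pushed to you
    return fetch_by_serial(your_db, "1:foo.bar.com") == IMPOSTER


def hash_scenario() -> str:
    """Same substitution attempted against a hash identifier I gave you.
    The hash of the genuine revision is what I communicated; the peer tries
    to hand you different bytes under it, and the check rejects them."""
    wanted = content_id(GENUINE)
    your_db = {wanted: IMPOSTER}  # substituted content filed under my hash
    try:
        fetch_by_hash(your_db, wanted)
        return "accepted"
    except ValueError:
        return "rejected"
```

Run the two scenario functions side by side: the serial lookup silently yields the substituted revision, while the hash lookup fails closed, which is why a hash can always be communicated reliably between people who do not share a trusted naming authority.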