[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Monotone-devel] Re: key-management problem
|
From: |
Bruce Stephens |
|
Subject: |
[Monotone-devel] Re: key-management problem |
|
Date: |
Thu, 16 Jun 2005 17:12:02 +0100 |
|
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) |
Bruce Stephens <address@hidden> writes:
[...]
> It's probably not hard to write the necessary code to resign all the
> relevant certs, but I can't think of any particularly good way to
> recover without coding.
Now I come to think of it, this is likely to be tricky.
If you resign something with a different key, then its identity has to
change. So this'll only be possible if you can resign all the
dependent certs, too.
And if you can do that (for example if it's a private database with
some local work in it), then maybe a better option would be to check
out the source and recommit it to a different database, just losing
the history.
Hmm, I guess it all depends on the specifics. I think an easy fix has
to be impossible, though: you can't just resign a cert with a changed
key or keyid, because certs dependent on that were signed with the
older key,keyid pair, and so they can't remain valid.