monotone-devel
[Monotone-devel] Re: key trust


From: Nathaniel Smith
Subject: [Monotone-devel] Re: key trust
Date: Wed, 12 Oct 2005 08:55:09 -0700
User-agent: Mutt/1.5.9i

On Wed, Oct 12, 2005 at 10:36:15AM +0200, Richard Levitte - VMS Whacker wrote:
> In message <address@hidden> on Tue, 11 Oct 2005 23:52:12 -0700, Nathaniel 
> Smith <address@hidden> said:
> njs> In monotone's case, though, we actually use the signatures for
> njs> something a bit different, so I think different mechanisms end up
> njs> being called for.  Version control inherently revolves around
> njs> long-term immutable archival.  It's just not right that old
> njs> versions of your tree disappear from a branch, because the person
> njs> who committed them left the project now...
> 
> I think you're operating under some false assumptions.  Just because a
> certificate was revoked yesterday, it doesn't mean that a signature
> made a week ago suddenly becomes invalid.  All that's needed is to
> attach a datetime to the thing being signed before signing it, and
> compare that to the revocation datetime to know if the signature is to
> be regarded as valid or not.

I don't understand -- Alice writes out a cert saying "in June, I say
version da39 is good".  Then her cert gets revoked with a July
timestamp.  So Bob trusts the cert that says "in June, ...", because
June < July.  Then in December Mallory comes along, with his cracked
copy of Alice's old key, and writes out a cert saying "in June, I say
version 0123 is good".  So Bob trusts _that_ cert too...

More generally, we don't have reliable date-time -- even if we could
somehow force people to not outright lie about times, we don't have a
centralized clock they could use (and should not add such a
requirement).

-- Nathaniel

-- 
"But in Middle-earth, the distinct accusative case disappeared from
the speech of the Noldor (such things happen when you are busy
fighting Orcs, Balrogs, and Dragons)."
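
As an added illustration of the exchange above (my own toy model, not code from the thread or from monotone; an HMAC stands in for a real signature, and the key and dates are constructed), the two trust policies side by side: the "compare the cert's own date to the revocation date" rule accepts both the genuine June cert and a cert a key thief backdates to June, while the strict "nothing from a revoked key" rule throws away the genuine history along with the forgery.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional
import hashlib
import hmac


@dataclass(frozen=True)
class Cert:
    signer: str
    revision: str
    claimed_date: date  # written by whoever holds the key; nothing checks it independently
    mac: bytes


def _payload(signer: str, revision: str, claimed_date: date) -> bytes:
    return f"{signer}|{revision}|{claimed_date.isoformat()}".encode()


def sign(key: bytes, signer: str, revision: str, claimed_date: date) -> Cert:
    # Assumption of this toy model: an HMAC plays the role of a public-key signature.
    mac = hmac.new(key, _payload(signer, revision, claimed_date), hashlib.sha256).digest()
    return Cert(signer, revision, claimed_date, mac)


def verify(key: bytes, cert: Cert) -> bool:
    expected = hmac.new(key, _payload(cert.signer, cert.revision, cert.claimed_date),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, cert.mac)


def trust_by_claimed_date(key: bytes, cert: Cert, revoked_on: Optional[date]) -> bool:
    """Richard's rule: a cert is good if its own (self-reported) date predates the revocation."""
    return verify(key, cert) and (revoked_on is None or cert.claimed_date < revoked_on)


def trust_unless_revoked(key: bytes, cert: Cert, revoked_on: Optional[date]) -> bool:
    """The strict rule: once a key is revoked, nothing it ever signed is trusted."""
    return verify(key, cert) and revoked_on is None


def scenario() -> dict:
    alice_key = b"constructed-demo-key-not-a-real-key"
    genuine = sign(alice_key, "alice", "da39", date(2005, 6, 1))   # Alice, in June
    revoked_on = date(2005, 7, 1)                                   # key revoked in July
    # December: someone else now holds the same key and picks any claimed_date they like.
    forged = sign(alice_key, "alice", "0123", date(2005, 6, 15))
    return {
        "by_date": (trust_by_claimed_date(alice_key, genuine, revoked_on),
                    trust_by_claimed_date(alice_key, forged, revoked_on)),
        "strict": (trust_unless_revoked(alice_key, genuine, revoked_on),
                   trust_unless_revoked(alice_key, forged, revoked_on)),
    }
```

Both tuples are (genuine, forged): the date rule returns (True, True) and the strict rule (False, False), which is the dilemma the thread is circling without a trusted time source.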