Re: [Monotone-devel] Re: key trust

[Richard Levitte - VMS Whacker]

In message <address@hidden> on Wed, 12 Oct 2005 16:15:39 -0700, Conrad 
Steenberg <address@hidden> said:

conrad> On Wed, 2005-10-12 at 23:10 +0100, Bruce Stephens wrote:
conrad> > Richard Levitte - VMS Whacker <address@hidden> writes:
conrad> > > No, I was thinking of making good use of things like
conrad> > > policy attributes at assign roles or rights to a
conrad> > > certificate holder.  But sure, if you want, there's always
conrad> > > the possibility of coupling the whole thing with a
conrad> > > replicated LDAP repository and do the math with it :-).
conrad> 
conrad> Adding these non-standard attributes to X509 certs is far
conrad> worse than inventing your own certificate system:

You do see that I write about policy attributes, right?  I did mean
policy extensions, sorry about that slip.  Either way, policy
extensions are *standard* extension to X.509 certs, and to anyone but
the end points, they're really just numbers, which can be mapped to
other numbers (using another standard extension, policy mappings).

That's not really where the problems using X.509 lies.  Real use of
X.509 requires the presence of a network (or that you replicate a
selection of LDAP repositories and whatnot onto your computer).
monotone is meant to work off-line.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte                         address@hidden
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis