monotone-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Monotone-devel] Re: Rosterify and certificate keys

From: Tom Koelman
Subject: [Monotone-devel] Re: Rosterify and certificate keys
Date: Tue, 11 Apr 2006 09:31:07 +0200
User-agent: Gnus/5.110003 (No Gnus v0.3) Emacs/22.0.50 (windows-nt) 
Bruce Stephens <address@hidden> writes:

> Tom Koelman <address@hidden> writes:
>
>> I just rosterified a database. On inspecting the contents of the new
>> database I found out that all certificates had been reissued with my
>> own e-mail-adress. This would be an issue for a trust model based on
>> who handed out what certificate.
>
> Yes indeed.
>
>> Is there some way in which I can make the certificates keep their
>> original key?
>
> No, because the certs have been resigned (because the revision numbers
> changed), and you (presumably) don't have all the relevant private
> keys.
>
> Presumably for specific problems you can hack something that'll work:
> if you're using particular certs, you could get a list of revisions
> with the author cert not you, and get the original author to create
> certs for those, and then delete the unnecessary certs if necessary
> (probably using SQL).  

Well, no. All the revision hashes have changed and there is as far as
I can tell no automatable way to map old revision hashes to new
ones. So I have no way of knowing which certificate to hand out to
which revision.

> It's yucky, but necessary when history gets rebuilt.

I understand that. It would be very pleasant though, when given a
collection of private keys, the conversion process would try to keep
as much certificate keys original as possible. Currently we don't rely
heavily on them in our build process, but it already is inconvenient
not being able to see who handed out certain certificates.

Regards,
Tom Koelman
reply via email to
[Prev in Thread] Current Thread [Next in Thread]