monotone-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Security is hard. Let's work on policy branches any


From: Timothy Brownawell
Subject: Re: [Monotone-devel] Security is hard. Let's work on policy branches anyway.
Date: Mon, 22 Jan 2007 19:19:03 -0600

On Tue, 2007-01-23 at 12:03 +1100, Brian May wrote:

> What happens if Bob's access needs to be revoked, not because we don't
> trust him anymore, but because we no longer trust his key (e.g. his
> laptop was stolen).
> 
> Presumably, all signatures before the event can still be trusted, but
> new ones can't be trusted. How do we allow new users to pull from a
> database which contains versions from no-longer trusted signatures?


Presumably we'll have a way to explicity list which certs by a revoked
key should be trusted.

> Bob will need to create a new key, but as his email address remains
> constant how do you distinguish the old key from the new key?

You don't identify the key by a human-readable name. Instead, you
identify it by its hash, and there's a users/ section in the policy tree
that maps the hash to something human-readable for UI purposes. So you
rename the lost key, and add the new one (maybe even with the same
name).

-- 
Timothy

Free (experimental) public monotone hosting: http://mtn-host.prjek.net





reply via email to

[Prev in Thread] Current Thread [Next in Thread]