[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] Security is hard. Let's work on policy branches any
Re: [Monotone-devel] Security is hard. Let's work on policy branches anyway.
Tue, 23 Jan 2007 13:10:30 +1100
Gnus/5.110006 (No Gnus v0.6) XEmacs/21.4.19 (linux)
>>>>> "Timothy" == Timothy Brownawell <Timothy> writes:
Timothy> You don't identify the key by a human-readable
Timothy> name. Instead, you identify it by its hash, and there's a
Timothy> users/ section in the policy tree that maps the hash to
Timothy> something human-readable for UI purposes. So you rename
Timothy> the lost key, and add the new one (maybe even with the
Timothy> same name).
Unfortunately, as currently implemented, get_netsync_read_permitted
and get_netsync_write_permitted (and probably others), use the
human-readable name, not the hash.
In fact, according to the documentation, what you describe cannot
happen, as it is not possible to have more then one key share the same
human readable name:
"Note that the identity value is a key ID (such as
"address@hidden") but will correspond to a unique key
fingerprint (hash) in your database. Monotone will not permit
two keys in your database to have the same ID. Make sure you
confirm the key fingerprints of each key in your database, as
key ID strings are "convenience names", not security tokens."
What you say does sound to me to be like the right solution.
Brian May <address@hidden>