[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Re: partial pull #3 - calling conventions

From: Markus Schiltknecht
Subject: Re: [Monotone-devel] Re: partial pull #3 - calling conventions
Date: Mon, 28 May 2007 08:23:05 +0200
User-agent: Icedove (X11/20070329)


Christian Ohler wrote:
Space is not the scarce resource here (well, not the most important one,
at least, IMHO): time is.

I'd say: bandwith, but I guess that's what you mean with 'time'.

Pull time is not only a question of size, it's also (mainly?) a question
of the time taken by the multiple hash and signature verifications.

Ok. Still, verifying signatures on 10MB worth of data is very likely faster than verifying them on 71MB worth of data.

I'm not getting the point here. Why do you want to transfer those 10 MB? Only to overcome the 'mtn automate' issues? And what do you want to verify on those 10 MB, if you don't have the underlying revision data (the files and manifests)?

IMO, there's utterly no point in transferring manifests and certs for revisions you don't want to have.

Obviously, if monotone allows unverified data in its database, there would be a new kind of failure: Information that was assumed to be available might turn out not to be.

That's a good point. But it's the price you pay for not wanting to transfer the whole repository. However, I suspect that most users are willing to pay that.

For example, if a malicious server sends a bogus manifest to a monotone client claiming that this manifest corresponds to a certain revision id, the client might detect later on that the manifest doesn't actually hash to that id. So the client would have to discard the revision. But that's no worse than a gap. In fact, it's much simpler to deal with than a gap since monotone wouldn't have to handle such a situation particularly gracefully.

The user would probably loose some of his commits.

Or is all of the cryptographic verification that monotone does during pull really needed at that time due to security considerations (e.g. to ensure that the server doesn't perform a DoS attack on the client by sending an infinite chain of junk revisions)?

I don't think that monotone is particularly prone against DoS attacks.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]