monotone-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Monotone Security

From: Jack Lloyd
Subject: Re: [Monotone-devel] Monotone Security
Date: Thu, 16 Oct 2008 11:41:51 -0400
User-agent: Mutt/1.5.16 (2007-06-09) 
On Thu, Oct 16, 2008 at 05:28:13PM +0200, Daniel Carrera wrote:

> Regardless of whether this stops the DOS attack or not, I think that it is 
> important that the dates on the certificates be trustworthy.

That is really really hard. In fact it seems pretty much impossible,
especially for backdating. That's because there does not seem to be
any obvious way to distinguish between a certificate that I signed a
long time ago, and you are now just seeing (due a sync/push), and one
that I just now intentionally and maliciously backdated.

I think in Monotone is it more useful to reason about causality using
the explicit revision graph rather than try to bring trusted global
clocks into it.

-Jack
reply via email to
[Prev in Thread] Current Thread [Next in Thread]