[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] Monotone Security
From: |
Jack Lloyd |
Subject: |
Re: [Monotone-devel] Monotone Security |
Date: |
Thu, 16 Oct 2008 11:41:51 -0400 |
User-agent: |
Mutt/1.5.16 (2007-06-09) |
On Thu, Oct 16, 2008 at 05:28:13PM +0200, Daniel Carrera wrote:
> Regardless of whether this stops the DOS attack or not, I think that it is
> important that the dates on the certificates be trustworthy.
That is really really hard. In fact it seems pretty much impossible,
especially for backdating. That's because there does not seem to be
any obvious way to distinguish between a certificate that I signed a
long time ago, and you are now just seeing (due a sync/push), and one
that I just now intentionally and maliciously backdated.
I think in Monotone is it more useful to reason about causality using
the explicit revision graph rather than try to bring trusted global
clocks into it.
-Jack
- [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/14
- Re: [Monotone-devel] Monotone Security, Timothy Brownawell, 2008/10/14
- Re: [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/15
- Re: [Monotone-devel] Monotone Security, Peter Stirling, 2008/10/15
- Re: [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/15
- Message not available
- Message not available
- Re: [Monotone-devel] Monotone Security, Peter Stirling, 2008/10/16
- Re: [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/16
- Re: [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/16
- Re: [Monotone-devel] Monotone Security,
Jack Lloyd <=
- Re: [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/16
- Re: [Monotone-devel] Monotone Security, Jack Lloyd, 2008/10/16
- Re: [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/16
- Re: [Monotone-devel] Monotone Security, Nathaniel Smith, 2008/10/16
- Re: [Monotone-devel] Monotone Security, Thomas Keller, 2008/10/17
- Re: [Monotone-devel] Monotone Security, Zack Weinberg, 2008/10/16
- Re: [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/16
- Re: [Monotone-devel] Monotone Security, Ethan Blanton, 2008/10/16
- Re: [Monotone-devel] Monotone Security, Daniel Carrera, 2008/10/16
- Re: [Monotone-devel] Monotone Security, Zack Weinberg, 2008/10/16