[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL
From: |
Markus Wanner |
Subject: |
Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL |
Date: |
Tue, 21 Oct 2008 12:35:30 +0200 |
User-agent: |
Thunderbird 2.0.0.16 (X11/20080916) |
Hi,
Daniel Carrera wrote:
>> Was there a good reason why monotone didn't use GnuPG for signatures?
>> I have a feeling it was related to speed or something.
This question also caught my interest.
> This is in the FAQ:
Thanks for pointing this out.
> The last point is interesting, and it seems sensible to me.
Hm.. I don't see how running our own PKI should be different. Our
web-of-trust is just very simple (and maybe doesn't deserve the term
"web"): every server allows certain keys commit access to certain
branches, only read access to other keys.
Considering that we may be sharing these "policies" between servers
manually, isn't that a sort of a web of trust? If you don't call it that
now, you probably will with policy branches.
> identification: Who are you?
> authentication: Are you allowed to do this?
>
> They are not the same thing, and they are not even related. In principle
> you could trust and authorize someone without knowing their name.
Without knowing a name, yes. But is the name really the answer to the
question "who are you"? (This is getting philosophical...)
I'd argue that to authenticate *someone* to do something, you always
need to identify the *someone* first. That doesn't necessarily mean
getting his name. You can easily authenticate by confirming that it's
the same person who has written revision 276264b0... for example. That's
the first revision in net.venge.mononone, being version 0.4 of monotone,
i.e. the person commonly known as Graydon Hoare. Trust me or not... ;-).
Regards
Markus Wanner
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, (continued)
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Robert White, 2008/10/19
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Brian May, 2008/10/19
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Daniel Carrera, 2008/10/20
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Brian May, 2008/10/20
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Daniel Carrera, 2008/10/21
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Richard Levitte, 2008/10/21
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Daniel Carrera, 2008/10/21
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL,
Markus Wanner <=
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Daniel Carrera, 2008/10/21
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Daniel Carrera, 2008/10/21
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Richard Levitte, 2008/10/21
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Daniel Carrera, 2008/10/21
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Markus Wanner, 2008/10/21
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Daniel Carrera, 2008/10/21
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Brian May, 2008/10/23
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Daniel Carrera, 2008/10/24
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Brian May, 2008/10/29
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Daniel Carrera, 2008/10/20