Re: [Monotone-devel] Re: partial pull #3

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Re: partial pull #3 - calling conventions

From:	Markus Schiltknecht
Subject:	Re: [Monotone-devel] Re: partial pull #3 - calling conventions
Date:	Mon, 28 May 2007 08:23:05 +0200
User-agent:	Icedove 1.5.0.10 (X11/20070329)

Hi,

Christian Ohler wrote:

Space is not the scarce resource here (well, not the most important one,
at least, IMHO): time is.


I'd say: bandwith, but I guess that's what you mean with 'time'.

Pull time is not only a question of size, it's also (mainly?) a question
of the time taken by the multiple hash and signature verifications.
Ok. Still, verifying signatures on 10MB worth of data is very likelyfaster than verifying them on 71MB worth of data.

I'm not getting the point here. Why do you want to transfer those 10 MB?Only to overcome the 'mtn automate' issues? And what do you want toverify on those 10 MB, if you don't have the underlying revision data(the files and manifests)?

IMO, there's utterly no point in transferring manifests and certs forrevisions you don't want to have.

Obviously, if monotone allows unverified data in its database, therewould be a new kind of failure: Information that was assumed to beavailable might turn out not to be.

That's a good point. But it's the price you pay for not wanting totransfer the whole repository. However, I suspect that most users arewilling to pay that.

For example, if a malicious serversends a bogus manifest to a monotone client claiming that this manifestcorresponds to a certain revision id, the client might detect later onthat the manifest doesn't actually hash to that id. So the client wouldhave to discard the revision. But that's no worse than a gap. In fact,it's much simpler to deal with than a gap since monotone wouldn't haveto handle such a situation particularly gracefully.


The user would probably loose some of his commits.

Or is all of the cryptographic verification that monotone does duringpull really needed at that time due to security considerations (e.g. toensure that the server doesn't perform a DoS attack on the client bysending an infinite chain of junk revisions)?


I don't think that monotone is particularly prone against DoS attacks.

Regards

Markus

[Prev in Thread]

Current Thread

[Next in Thread]

[Monotone-devel] partial pull #3 - calling conventions, Markus Schiltknecht, 2007/05/25
- Re: [Monotone-devel] partial pull #3 - calling conventions, Thomas Keller, 2007/05/25
  - Re: [Monotone-devel] partial pull #3 - calling conventions, Markus Schiltknecht, 2007/05/25
    - Re: [Monotone-devel] partial pull #3 - calling conventions, Thomas Keller, 2007/05/25
    - Re: [Monotone-devel] partial pull #3 - calling conventions, Markus Schiltknecht, 2007/05/25
  - Re: [Monotone-devel] partial pull #3 - calling conventions, Christian Ohler, 2007/05/26
    - [Monotone-devel] Re: partial pull #3 - calling conventions, Lapo Luchini, 2007/05/26
    - Re: [Monotone-devel] Re: partial pull #3 - calling conventions, Christian Ohler, 2007/05/26
    - [Monotone-devel] Re: partial pull #3 - calling conventions, Lapo Luchini, 2007/05/26
    - Re: [Monotone-devel] Re: partial pull #3 - calling conventions, Matt Johnston, 2007/05/27
    - Re: [Monotone-devel] Re: partial pull #3 - calling conventions, Markus Schiltknecht <=
    - [Monotone-devel] Re: partial pull #3 - calling conventions, Lapo Luchini, 2007/05/28
    - Re: [Monotone-devel] Re: partial pull #3 - calling conventions, Markus Schiltknecht, 2007/05/29

Prev by Date: Re: [Monotone-devel] partial pull #2 - gaps instead of a single horizon
Next by Date: Re: [Monotone-devel] partial pull #2 - gaps instead of a single horizon
Previous by thread: Re: [Monotone-devel] Re: partial pull #3 - calling conventions
Next by thread: [Monotone-devel] Re: partial pull #3 - calling conventions
Index(es):
- Date
- Thread