monotone-devel

Re: [Monotone-devel] Monotone Security


From: Jack Lloyd
Subject: Re: [Monotone-devel] Monotone Security
Date: Thu, 16 Oct 2008 12:38:39 -0400
User-agent: Mutt/1.5.16 (2007-06-09)

On Thu, Oct 16, 2008 at 06:22:02PM +0200, Daniel Carrera wrote:
> Jack Lloyd wrote:
>>> Regardless of whether this stops the DOS attack or not, I think that it 
>>> is important that the dates on the certificates be trustworthy.
>> That is really really hard. In fact it seems pretty much impossible,
>> especially for backdating. That's because there does not seem to be
>> any obvious way to distinguish between a certificate that I signed a
>> long time ago, and you are now just seeing (due to a sync/push), and one
>> that I just now intentionally and maliciously backdated.
>> I think in Monotone it is more useful to reason about causality using
>> the explicit revision graph rather than try to bring trusted global
>> clocks into it.
>
> Reasoning about causality would go a long way: Never trust a revision that 
> is dated earlier than its parent. And it appears to address the specific 
> DOS attacks that Peter found.

That could easily happen due to a time change, though:

$ mtn ci . -m "Checkin 1"

[Right after this mtn process completes, NTP runs, or someone sets the
date manually, or whatever, and the clock is set back an hour]

$ mtn ci . -m "Checkin 2"

I would think the second checkin should still be considered valid here.

-Jack
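
The exchange above, as an added example that is not part of the original message and not Monotone code: the proposed "child dated earlier than parent" rule is run over a constructed revision graph in which `c2` is the honest second checkin made after the clock was set back, next to an ancestry check that uses only the parent edges. All revision ids, dates and function names are hypothetical.

```python
from datetime import datetime

# Constructed sample: revision id -> (parent ids, value of its date cert).
# "c2" reproduces the scenario in the message: it was committed after "c1",
# but the local clock had been set back an hour in between.
REVISIONS = {
    "root":  ((),              datetime(2008, 10, 16, 11, 0, 0)),
    "c1":    (("root",),       datetime(2008, 10, 16, 12, 30, 0)),
    "c2":    (("c1",),         datetime(2008, 10, 16, 11, 30, 5)),
    "side":  (("root",),       datetime(2008, 10, 16, 12, 0, 0)),
    "merge": (("c2", "side"),  datetime(2008, 10, 16, 12, 45, 0)),
}


def date_rule_violations(revisions):
    """Return (child, parent) edges where the child is dated before its parent."""
    bad = []
    for rev, (parents, date) in revisions.items():
        for parent in parents:
            if date < revisions[parent][1]:
                bad.append((rev, parent))
    return sorted(bad)


def happened_before(revisions, a, b):
    """True if `a` is an ancestor of `b`; only parent edges are consulted."""
    stack, seen = list(revisions[b][0]), set()
    while stack:
        rev = stack.pop()
        if rev == a:
            return True
        if rev not in seen:
            seen.add(rev)
            stack.extend(revisions[rev][0])
    return False


if __name__ == "__main__":
    # The date rule rejects the honest checkin made after the clock change.
    print("date rule flags:", date_rule_violations(REVISIONS))
    # The graph still orders the two checkins correctly, whatever the dates say.
    print("c1 before c2:", happened_before(REVISIONS, "c1", "c2"))
    print("c2 before c1:", happened_before(REVISIONS, "c2", "c1"))
```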
