[Monotone-devel] Re: Enquiries about the "monotone" architecture and security features

[graydon hoare]

David wrote:

> sorry for disturb you again. i want to know the underlying architecture of "monotone". 

it's ok, but I will forward this email to our mailing list; this way 
more people can see the discussion we are having.

> what kind of architecture are you implement for "monotone"? 

distributed, decentralized, serverless. there is no central point of 
failure, trust, or communication, and no difference between clients and 
servers.

> can you send me the picture of this architecture? so that i'm easy to figure 
> out what you have explain.

http://www.venge.net/monotone/monotone-workflow.png

> i still want to ask something about your "monotone" security. how the 
> cryptography name and RSA implementation can authenticate the source code is genuine? and 
> how these security is integrated into your system to provide more security features? is 
> there any diagram explaining this? if no, can you draw the diagram and send it to me? 
> sorry for too much request.

"authentic" source code is a somewhat misleading concept. an RSA 
certificate suggests that the holder of a particular key has attested to 
a particular fact about some source code (say, approved it) but that 
doesn't mean that the source code *is* or *is not* "authentic" in any 
universal sense. all an RSA signature means is that you have some 
evidence that some person made some statement. the statement might be a 
lie, or your evidence might be false (say the key was stolen), or both.

that is all RSA can help you with, and it's all we provide. there is a 
limit to these things in the practical world.

> i also would like to know the differences between "monotone" and "OpenCM" system in term of the security feature and the underlying architecture implementation. 

the underlying difference is centralization. OpenCM manages a canonical, 
central repository, with developer databases reflecting the state of the 
canonical repository. monotone manages only developer's databases. users 
flood changes to one another, out of order, with no locking or 
serialization. monotone offers tools to help manage the divergence which 
will occur under that model, but tolerates divergence when it happens.

> as far as i know is that OpenCM also implementing the SHA1 and RSA for security purpose. but i don't know what is the differences between "monotone" compare to "OpenCM" system in term of this two aspects. 

RSA and SHA1 are just security tools; they have no specific mode of use 
required. I haven't studied it in depth, but I guess that OpenCM uses 
SHA1 to verify file integrity between clients and server, and RSA to 
verify client identity. monotone uses SHA1 to calculate entity names 
(files, manifests) and RSA to form certificates which describe metadata 
(such as history) from the varying perspectives of each user. monotone 
and openCM are quite different.

-graydon