|
| From: | Brian May |
| Subject: | Re: [Monotone-devel] Monotone Security |
| Date: | Fri, 17 Oct 2008 14:30:58 +1100 |
| User-agent: | Thunderbird 2.0.0.17 (X11/20080925) |
Peter Stirling wrote:
The problem is that if you have the old key available to you, then you can create revisions that will pass your test for 'earlier than <date>', regardless of when they were actually signed. Digital signatures only allow you to state unequivocally that data was asserted by someone with access to the key. It's up to the recipient to decide whether to trust that assertion.Your code is workable though, if you can find a repository which hasn't yet been poisoned.
You need to be able to store both keys in the database at the same time. As it is (unless this has been fixed recently), as keys are referenced by the email address, you can't replace a key (that I know of) without changing your email address too. If so, then that is a DoS attack on your email address.
Keys should be referenced by keyid, similar to GnuPG. Brian May
| [Prev in Thread] | Current Thread | [Next in Thread] |