|
| From: | Brian May |
| Subject: | Re: [Monotone-devel] Re: WARNING: ~/.monotone/keys CONSIDERED HARMFUL |
| Date: | Tue, 21 Oct 2008 14:06:33 +1100 |
| User-agent: | Thunderbird 2.0.0.17 (X11/20080925) |
Lapo Luchini wrote:
You need to use email addresses in order to answer the question "Who signed this revision?"OK, using (the same) e-mail addresses in different keys may pose additional hurdles, but why using e-mail addresses in the first place?
Unfortunately, what we have is a poor solution, because you have to trust the key id (email address) in your database points to the correct key.
I could imagine setting up a database with false email addresses for the keys, so anybody who syncs from my database gets these keys and may get mislead as to how made the changes. As far I am aware there isn't any user visible way at the moment to test two keys are the same, we rely on the keyid which could be falsified. They is also no way to tell what key signed a particular revision, apart from its keyid.
The only part of this I am not sure of - is how monotone behaves if it notices a keyid has a different key during a sync operation.
Using hashes as the keyid solves this, because there can only be one hash for a given key, and the probability of generating another key that happens to share the same hash (if using a good hash algorithm) is very low.
Then the next part required would be some way of securely mapping the key id to a user - they are a number of different ways this could be done. Once we use hashes for keyids that is.
Brian May
| [Prev in Thread] | Current Thread | [Next in Thread] |