monotone-devel

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL


From: Daniel Carrera
Subject: Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL
Date: Tue, 21 Oct 2008 11:58:17 +0200
User-agent: Thunderbird 2.0.0.17 (Macintosh/20080914)

Brian May wrote:
> Daniel Carrera wrote:
>> I think that Ethan's idea has a lot of merit. Btw, PGP allows a user to have multiple keys associated with the same name and email. To help the user distinguish between keys. If you list them, they look like this:
>>
>> Daniel Carrera (Personal) <address@hidden>
>> Daniel Carrera (Foo Corp) <address@hidden>
>> Daniel Carrera (Bar Inc) <address@hidden>
>> etc
>
> You need a secure means of assigning a name for each key.

I don't agree. What I propose would be no worse than naming the key 'address@hidden' which is the current system. I'm just making the existing system more convenient.


> Was there a good reason why monotone didn't use GnuPG for signatures? I have a feeling it was related to speed or something.

This is in the FAQ:

* GPG as a subprocess is slow, tricky and fragile; using the botan crypto library in-process is fast, simple and reliable.
* OpenPGP packet format is quite baroque, we need much less than it can do.
* The web of trust is useful for verifying that the name on a key matches the name on a passport. It isn't very useful for verifying that the holder of a key should have commit access to your project. We like to trust keys based on the quality of the code they sign, not based on the name attached to them. (In fact, every VCS we know of that does use OpenPGP keys doesn't leverage the web of trust at all, but rather requires you to explicitly upload each key you want to trust.)



The last point is interesting, and it seems sensible to me. It is the difference between identification and authentication. Something that Bruce Schneier talks about a lot:

identification: Who are you?
authentication: Are you allowed to do this?

They are not the same thing, and they are not even related. In principle you could trust and authorize someone without knowing their name.


Daniel.



