Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

[Markus Wanner]

Hi,

Daniel Carrera wrote:
>> Was there a good reason why monotone didn't use GnuPG for signatures?
>> I have a feeling it was related to speed or something.

This question also caught my interest.

> This is in the FAQ:

Thanks for pointing this out.

> The last point is interesting, and it seems sensible to me.

Hm.. I don't see how running our own PKI should be different. Our
web-of-trust is just very simple (and maybe doesn't deserve the term
"web"): every server allows certain keys commit access to certain
branches, only read access to other keys.

Considering that we may be sharing these "policies" between servers
manually, isn't that a sort of a web of trust? If you don't call it that
now, you probably will with policy branches.

> identification: Who are you?
> authentication: Are you allowed to do this?
> 
> They are not the same thing, and they are not even related. In principle
> you could trust and authorize someone without knowing their name.

Without knowing a name, yes. But is the name really the answer to the
question "who are you"? (This is getting philosophical...)

I'd argue that to authenticate *someone* to do something, you always
need to identify the *someone* first. That doesn't necessarily mean
getting his name. You can easily authenticate by confirming that it's
the same person who has written revision 276264b0... for example. That's
the first revision in net.venge.mononone, being version 0.4 of monotone,
i.e. the person commonly known as Graydon Hoare. Trust me or not... ;-).

Regards

Markus Wanner