[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Monotone-devel] Re: How to get the newest cert beginning with a certain
From: |
graydon hoare |
Subject: |
[Monotone-devel] Re: How to get the newest cert beginning with a certain substring? |
Date: |
Wed, 02 Feb 2005 16:11:09 -0500 |
User-agent: |
Mozilla Thunderbird 1.0 (X11/20041206) |
Derek Scherger wrote:
Currently each revision has (or should probably have) at least 4 certs:
- date
- author
- changelog
- branch
If date and author were added to each cert this could be reduced to 2
certs:
- changelog
- branch
and there was some talk on irc recently about how much space all these
certs consume due to their cryptographic signatures. Perhaps reducing
the cert count by adding date and author info to each cert could help
with this problem too?
hm. so then you would have
[id, name, value, author, date, signer,
sig(id|name|value|author|date|signer)]
as the cert? I'm not sure.. in a sense that couples things more, but in
a sense it decouples them. it means for example that I can "sign" the
fact that njs says a rev should be in a branch. maybe that's true -- it
expresses what happens in a rebuild much more accurately for example --
but it makes the trust rule evaluation a bit trickier. what happens if
you trust me but not njs? what if you trust njs but not me? hm. perhaps
not too tricky. it probably just means
function trust(cert)
return trust_signer(cert.signer) &&
trust_author(cert.author)
end
an additional thought occurs to me though: considering that you're
talking about decoupling the person who made the assertion from the
person who signed it, might you also want to decouple the date the
assertion was made from the date it was signed? i.e.
[id, name, value,
author, assertion-date,
signer, signing-date,
sig(id|name|value|author|assertion-date|signer|signing-date)]
I know that looks longer, but by eliminating the extra signatures from
date and author certs (and storing dates and authors non-base64-encoded)
it would be both less database space and much more efficient for some
things. I can see this having definite benefits. I'm just a bit worried
about the semantics.
while we're at it, it might be worth throwing in an algorithm name,
since I've been playing with importing gpg keys recently, and most of
those are pre-RSA patent expiry, so elgamal/DSA.
-graydon